Am I right to say without the Consent SDK, we can only default the value of hasUserConsent to false?
Not sure that I’ve understood your question right.
When you have user consent for his data, you should set the parameter to true. If you don’t have this consent - set it to false to enable GDPR restrictions.
But to gain user consent for displaying personalised Admob ads, we will need the Consent SDK integrated so that we can present it to the users.
You can gain user consent for yourself, just like with basically every other ad plugin.
If the personal information we are collecting is for our own usage, then I think it is reasonable for us to present our own consent form. However, since the information is used by Admob, I don’t think we should be presenting our own custom consent form.
@falcon777 No. You can ask for consent yourself. Most apps I have seen so far are showing their own personal consent form. Most providers don’t even have a consent UI to display they expect you to have created one.
We published a checklist to our blog that guides you through what you need to do:
https://coronalabs.com/blog/2018/05/16/getting-your-corona-apps-ready-for-gdpr/
But to summarize here.
You, the developer present a dialog box of your own design that fits the style of your app that:
a. Tells the user that your app is going to be collecting data.
b. Provide a link to your privacy policy on your website.
c. In that privacy policy, provide more context that your ad providers are collecting data and link to their privacy policy.
d. Provide a UI that ask them to either consent to this, or decline it. It could be something as simple as a checkbox, on/off switch etc. using widget.newSwitch. This should be defaulted to no consent, since the EU’s intent is for the user to actively opt-in and not opt-out of consent.
e. Save that setting with your other app settings.
f. On your settings screen, provide the user an option to change their mind.
g. Decide how your app will behave if the user does not consent.
h. If your ad plugin will provide non-targeted/non-tracked ads, you can then pass the consent choice to the ad plugin according to the documentation for that plugin. If your plugin doesn’t have a consent API, then simply don’t initialize the plugin if there is no consent.
Rob
Thanks for the information. I have not exactly seen Admob consent interface yet so I cannot comment on that. I would have thought using the one provided by Admob would be the safest bet moving forward as they know best what data is being collected and how is it being used.
I think that would be fine if you only needed to get permission from Admob. But if you use any analytic provider then you would have to ask for that also or other ad networks.
For example, I use flurry. And their consent dialog box doesn’t look anything like Admob. So I would have to show Admob then Flurry. It would look awkward.
Some don’t have any. If I used Game Analytics I would have to roll my own consent dialog box because they don’t have one. So if you used Kiddoz they require consent but don’t have their own so you would still need to create one.
This is what the magic the gathering consent looks like. The ask for about 8 different consents all at once.
Sidenote: Kidoz have updated their SDK policy, it is is not necessary to gather consent for their sake.
@perflubron where did you see that? From their SDK policy:
ONSENT REQUIREMENTS & RIGHTS OF THE DATA SUBJECT
As between the parties, the Publisher undertakes accepts and agrees that the Data Subject do not have a direct relationship with Kidoz and that Kidoz relies on Publisher’slawful basis (as required under Data Protection Law). In the event consent is required under Data Protection Law, the Publisher shall:(i)ensure that it obtains consent from Data Subjectsand displays all necessary and applicable notices in accordance with the Data Protection Law as well as enable lawful transfer of the Personal Data to Kidoz;(ii)maintain a record of all consents obtained from Data Subject, including the time and data on which consent was obtained, the information presented to Data Subject; and(iii)record of the withdrawals of consent by Data Subject. The Publisher shall make these records available to Kidoz promptly upon request.
@agramonte: I am confused. You wrote you’re not planning to do any pop-ups for ads. This would be ideal. But according to Admob, we still have to ask for consent even if we are only showing non personalized ads**: https://support.google.com/admob/answer/7666366?hl=en&ref_topic=2745287**
"Although these ads don’t use cookies for ads personalization, they do use cookies to allow for frequency capping, aggregated ad reporting, and to combat fraud and abuse. Consent is therefore required to use cookies for those purposes from users in countries to which the ePrivacy Directive’s cookie provisions apply."
Or am I not understanding something correctly here?
I am kind of confused as well. I also on not showing the consent dialog as it is intruding and most likely users will not even read it and just accept to continue using the app. And because of that, just set the hasUserConsent flag to false.
Wow, that is terrible. I think might stop providing my apps to Europe or at least stop advertising there. I had not read that.
How are you going to tell if someone is from the EU?
I am going to stop offering the game in the EU by turning off the country or regions in the app store. I already did it on Amazon. I am also going to turn off the country on Gamesparks. Gamesparks records the country based on ip. This is the best that I can do.
How about users who already downloaded your app?
I have a mechanism in Gamesparks to show a message at startup. They’ll get a message when they start the game stating that it is no longer available in that country. Probably get a bunch of bad reviews, but I have wasted way to much time on this already. I didn’t start making games to spend most of my time working on consents.
Agramonte: Halfway down their SDK and privacy policy: http://kidoz.net/website-and-kidoz-sdk-privacy-policy/
My Medium post discusses how to identify EU users and how I ask for consent, although it is more like disclosure given that it is for non-personalized ads.
I don’t really see it in that document. They say they collect personal and non-personal information and that consent is required if it is “required by law”. I also sent an e-mail to support and Kiddoz and they responded with basically the identical sentence. My question was: Do you collect personal information and do I need to ask for consent.
This is the personal information they collect:
Type of InformationHow Do We Use It? Approximate GEO location data We will use this information solely in order to determine the User’s country and to target the applicable advertising campaign. Meaning, if the User is located in a country where the official language is Spanish, the advertisement represented shall be in that language. Identifiers
· We will use the Identifiers we collect for two purposes: (i) targeting the applicable advertising campaign (for example, to enable ad frequency capping); and (ii) maintaining or internally analyzing the functioning of our Services.
· In any event, we use the Identifier solely for internal support purposes and/or in compliance with COPPA regulations
In any case, you do what you feel comfortable doing.
What is the difference between applying the consent parameters the current way vs waiting on the Consent SDK that Admob has. Do we have a rough ETA on the consent SDK update for the Admob plugin?
Also, does anyone think that Admob will eventually handle this server side, or are they indefinitely putting it on the developer to handle consent?
I would think eventually they could offer settings in the dashboard where we could handle this, OR they could do what Applovin is doing and just remove personalized ads from all EU countries. Seems like such a simple approach.
Not sure why they are so adamant about putting the burden on the developer when it seems like so much more work.