Appodeal’s guide on GDPR: collecting consent from end-users

As the May 25 deadline looms closer, we are all starting to feel the pressure rise. The good news for publishers is that all their major partners, including Appodeal, have made it their aim to assist with GDPR compliance.

To that effect, we are sharing this article to answer all those last minute questions you may have about what comes next, so that you can keep working with Appodeal as usual, and avoid future headaches related to the new regulations.

Should I collect consent from end-users and how can I implement it in my apps?

Our updated privacy policy spells out your responsibilities for obtaining consent from end-users of your apps. As an app developer or publisher, by initializing our SDK you agree that you’re responsible for notifying the end users that you’re using Appodeal as a data collection-related SDK. Please note that the consent collection applies only to users located in the European Economic Area, the United Kingdom, and Switzerland.

To make the process easier, we have added consent windows to our demo projects for iOS, Android, Unity and Corona platforms. Please follow the links below to see demo projects.

 iOS sample window on Github

Follow the link to take a closer look

 Android sample window on Github

Follow the link to take a closer look

Unity sample window on Github

Corona sample window on Github

Tips on implementing a consent window:

 To keep your UX as compelling as it was before, you can stylize your consent window to match the main app interface.

 In order to avoid annoying users, save the returned consent result between sessions so they aren’t asked every time they open your app.

 Once an end-user changes their mind and decides to withdraw their consent, they should proceed to “Settings” to limit ad tracking. You can add a special “Withdraw my consent” button to your app instead, so users won’t have to look for a setting themselves.

 Remember that you are only required to collect consent in countries covered by GDPR.

What happens if we don’t implement a consent window by May 25, 2018? Will you stop serving ads? What if a user rejects our notification about personal data, will they still be able to see ads?

There are two scenarios: the first one is for older versions of Appodeal SDK, the second is for an updated SDK 2.4.1 version with both Parallel Bidding and GDPR-compliance that will be ready before May 25, 2018. Please note that both scenarios require integration of a consent window into your app.

 Older SDK versions

As for older versions of the SDK, we will continue to support them moving forward. It’s important to know that if an end-user doesn’t provide their consent to sharing personal information, you shouldn’t initialize Appodeal SDK and show ads to such end-users.

 SDK 2.4.1 with a GDPR-related functionality and Parallel Bidding

The updated 2.4.1 version of the Parallel Bidding SDK can be initialized whether or not an end-user provides their consent. Publishers will still be responsible for collecting this consent and passing it to our SDK.

In case an end-user doesn’t agree on processing their personal data, Appodeal SDK 2.4.1 will notify all ad demand partners so they won’t collect any information from this user and our ad demand partners will just show non-targeted and less relevant ads to such users. If consent is given, they will personalize an end-user ad experience in accordance with shared information.

You can find the updated SDK 2.4.1 version with a GDPR compliance in our blog post.

Will all networks be initialized and GDPR compliant?

Unfortunately, we can’t speak on behalf of all demand partners, but the majority of them have already taken actions in order to be GDPR-compliant. If any particular partners are not GDPR-compliant after May 25, 2018, we will notify users and disable the SDK of those partners in countries covered by GDPR.

Please feel free to reach out to us with any questions if something is not clear. We’re always happy to help you at support@appodeal.com. To confirm what your next steps toward compliance might involve, please consult your lawyers to make sure you’re on the right path.

Tags:
  • Lukas

    Hello 🙂 Thanks for this article. Two questions:
    1. Any demo project for Corona SDK?
    2. Is there any free way to display the above window only in EU countries?
    Thank you 🙂

    • Dion Peters

      I also would like to know how to display the window in europe only

    • Valerie Alfimova

      Hey Lukas! Currently, we’re working on Corona and Unity samples. Will be available tomorrow. As for the second question, if you use Admob you can try using their Consent SDK which should be available mid-May. If it returns ConsentState.NOT_EEA, you don’t have to show consent windows, otherwise they have these guides: https://developers.google.com/admob/android/eu-consent
      https://developers.google.com/admob/ios/eu-consent

      Let me know if anything is not clear at this point!

      • simone mapelli

        Ok, thank you for informations; so the flag ConsentState.NOT_EEA and all the other would be accessible in the corona plugin too ? Thank you

        • Valerie Alfimova

          Hey! It depends on how Google implements it. Their solution should be ready soon (hopefully, this week, but we can’t speak on behalf of Google of course).

      • Vladimir

        Are you ready with Corona samples?

    • Valerie Alfimova
  • Dr. Emmet

    Hi! How to display the window in Europe only in case I’m not use Appodeal?

    • Valerie Alfimova

      Hello! Unfortunately, we can’t be of help in this case, we’re just afraid of any misleading information that can affect your business. We encourage you to contact lawyers to learn more about it. Good luck!

  • Hamza Mir

    Do we require to collect consent from users others than EU ?
    If we are using older of Appodeal does it stop to serve ads other than EU ?

    • Valerie Alfimova

      Hi! According to GDPR, you are only required to collect consent in countries covered by GDPR, which means the European Economic Area, the United Kingdom, and Switzerland.

  • L Studios Afrika

    quick question the above demos are for android and ios what about unity?

    • Valerie Alfimova

      Hello! Let me clarify this with our development team, I’ll get back to you as soon as they shed light on Unity and Corona demos 🙂 Thanks!

    • Valerie Alfimova

      Hello again! Our development team says they’re working on it at this moment. We’ll keep you updated!

  • Arpad Baksai

    Does the form need to be displayed in different languages? Or just English will do?

    • Valerie Alfimova

      Hey there! We recommend to display it in the same language as the app.

  • Leander Maguetas

    Do I need to show this consent if I do not collect any information from users?

    • Valerie Alfimova

      Hello Leander! Since Appodeal isn’t the first party to speak to the end user, we require our publishers to request the consent for us. You, as a publisher, have to pass value of the consent to our SDK using a consent parameter in initialize() method. Let me know if you have any further questions!

      • Chung Truong

        Hello Valerie,

        can you give an example on how to pass the consent to the ios sdk?
        Thank you.

        • Valerie Alfimova

          Hi! The example will be added to documentation of the new SDK version 2.3.3 which we’re going to release this week.

  • Chris Lee

    Re: Getting consent only for EU users.

    What I’m doing is checking the IP address and determining the Country Code, then checking the country code against the EU list of Countries which I believe are these : “BE”, “EL”, “LT”, “PT”, “BG”, “ES”, “LU”, “RO”, “CZ”, “FR”, “HU”, “SI”, “DK”, “HR”, “MT”, “SK”, “DE”, “IT”, “NL”, “FI”, “EE”, “CY”, “AT”, “SE”, “IE”, “LV”, “PL”, “UK”, “CH”, “NO”, “IS”, “LI”

    Admob will have this built into their SDK. I was hoping Appodeal would expose a method like this as well.

    • slake_it

      That would be great

    • Noam Behar

      Please include that in the sdk for seamless integration and so that each developer doesn’t have to implement it by it’s own.

      • Valerie Alfimova

        Hi Noam! Currently, we’re not planning to include it into the SDK 2.3.3 version, but we have it planned for the next releases. Thanks!

    • Valerie Alfimova

      Hey Chris! We’re not planning on implementing such functionality so far, but we’ll definitely consider it for the next releases. Thanks!

    • Daniel Rondon

      Using the IP address is GDPR compliant

      • Chris Lee

        I think so long as you don’t store the ip address it is ok.

        • Daniel Rondon

          but the ip address is being processed, this could give us problems 🙁

    • Daniel Rondon

      I’m thinking about using the IP-API library, but I do not know if this is GDPR compliant

      https://github.com/seventhmoon/IpApi-retrofit?utm_source=android-arsenal.com&utm_medium=referral&utm_campaign=2819

  • Johnas

    Is it possible to use Google’s Consent SDK instead of yours?

    • Valerie Alfimova

      Hi Johnas! Yes, you can do that as long as you collect the consent and pass the obtained consent value to our SDK.

      • Daniel Rondon

        The Google Consent SDK has already been released? Where is the GitHub repository?

        • Valerie Alfimova

          There’s still no SDK we’re aware of. We’ll let you know ASAP once they release it.

          • Daniel Rondon

            May 25 is very close 🙁 Is there hope for the SDK to be released before?

          • Valerie Alfimova

            They should do this as well as everyone, we don’t have much choice. Our SDK is gonna be released tonight.

          • Daniel Rondon

            The SDK 2.3.3 disappeared from the documentation and now it shows the 2.1.11

          • Valerie Alfimova

            Hey Daniel! You can find download links here: https://blog.appodeal.com/blog/2018/05/18/gdpr-sdk-241/

  • Johnas

    I understand that user consent should be stored server side, along with the consent message. Your samples are storing user choice locally on device only?

    • Valerie Alfimova

      Hello! We send the consent value locally and on our server side. As the consent window will be implemented by a publisher, we have no access to its text displayed.

      • Daniel Rondon

        Is it really necessary that the user consent be stored on the server side or can it be stored locally?

        • Valerie Alfimova

          It is necessary for us to store consent on the server side, but we can’t assure you that publishers have to do the same. If you collect any data yourself, then yes, you’d have to do that; if not, a local consent storage would be probably enough. Please make sure to consult with lawyers before moving forward since neither Appodeal nor me personally can provide any official advice on the GDPR matter.

  • Valeriy Martinov

    Если кому надо на русском, вот перевод https://docs.google.com/document/d/1-BbBW9ylKTGlupQkSaOfy3pu0mUgT74UnGuVOpXk1qA

  • Scott C

    Does this work with Appodeal SDK 4?

    • Valerie Alfimova

      If you mean SDK 2.4.0 with Parallel Bidding, then the answer is yes, we’re going to release SDK Parallel Bidding version with a GDPR-functionality next week or so, but it’s not live yet. Meanwhile you should still implement consent windows no matter what SDK version you use.

      • Scott C

        Ok thank you

  • Leonid Bu

    Hello! Can you please tell me a Unity SDK 2.3.3 release date?
    Thanks!

  • simone mapelli

    Hi, a doubt please: I’ve downloaded and used the corona sdk sample for request consent here https://github.com/coronalabs/plugins-sample-appodeal/tree/gdpr , but where is the consent parameter in the appodeal plugin initializing method with which send the consent to appodeal, as requested?
    Maybe it’s my oversight and in case I’m sorry for my mistake, but I can find nothing about it not in the sample nor in the corona sdk appodeal plugin documentations (http://docs.coronalabs.com/plugin/appodeal/init.html), I suppose it must be in the init appodeal method call.
    So, what is the name of the parameter that I should use for this purpose?
    Thank you

  • Mese

    I only have one doubt:

    On the (3) it says that once the user wants he should have a button to remove the Consent.
    So, On Unity, how do I tell the Appodeal SDK about this without restarting app? Can I just run Appodeal.Initialize(key, init, hasConsent) again? Is that correct? Or is there any other command I can throw Appodeal to update the user Consent?

    If Running Appodeal.Initialize() again is the answer. Do I have to set up all the configs that comes before Initialize again? (like Appodeal.setChildDirectedTreatment(), Appodeal.disableWriteExternalStoragePermisionCheck() )

    Or maybe, Should I tell the user that the he or she will need to restart the app in order for the changes to take effect? (worst case scenario)

    Thanks in advance

    • Chris Lee

      Good question! I’m curious about this too.

  • Виталий Степанов

    After the upgrade of the Unity asset, the gradle started issuing the error “Execution failed for task ‘: transformClassesWithDexForRelease’.” How can I fix it?

    • Nitro

      Something similar for my troubles. Plugin 2.8.42 on Unity 2018.1, build process is OK (Gradle), but some bugs while initializing on device. Wrote a request to support, but here’s still no answer, about 2 hours. Happy 25th of May! 🙂 Try to renew (downgrade) sdk build-tools, there is errors in my case when using 28.0.0 build-tools version. Anymore, I can build app with gradle only (internal unity’s build system doesn’t work — ‘failed to re-pack resources’). But with 27.0.0 + Gradle works fine

This is a unique website which will require a more modern browser to work! Please upgrade today!