GDPR and CCPA
The General Data Protection Regulation, better known as GDPR, took effect on May 25, 2018. It’s a set of rules designed to give EU citizens more control over their personal data. Any businesses established in the EU or with users based in Europe are required to comply with GDPR or risk facing heavy fines. The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020.We have put together some guidelines to help publishers understand better the steps they need to take to be GDPR compliant.
Main Steps:
Step 1: Update Privacy Policy
Step 2. Stack Consent Manager
Step 3: Advanced
You can learn more about GDPR and CCPA and the differences between them here.
Step 1. Update Privacy Policy
1.1 Make Sure Your Privacy Policy Includes Information About Advertising ID Collection.
Don’t forget to add information about IP address and advertising ID collection, as well as the link to Appodeal’s privacy policy to your app’s privacy policy on the App Store.
To speed up the process, you could use privacy policy generators —just insert advertising ID, IP address, and location (if you collect users’ location) in the "Personally Identifiable Information you collect" field (in line with other information about your app) and the link to Appodeal’s privacy policy in the "Link to the privacy policy of third party service providers used by the app".
1.2 Add A Privacy Policy To Your Mobile App.
You must add your explicit privacy policies in two places: on your app’s Store Listing page and within your app.
You can find detailed instructions on adding your privacy policy to your app on legal service websites. For example, Iubenda, the solution tailored to legal compliance, provides a comprehensive guide on including a privacy policy in your app.
Make sure that your privacy policy website has an SSL certificate—this point might seem obvious, but it’s still essential.
Here’s are two useful resources that you can utilize while working on your app compliance:
- App privacy details on the App Store
- Recommendations on Developing a Meaningful Privacy Policy (by Attorney General California Department of Justice)
Please note that although we’re always eager to back you up with valuable information, we’re not authorized to provide any legal advice. It’s important to address your questions to lawyers who specialize in this area.
Step 2. Stack Consent Manager
In order for Appodeal and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent in the regions covered by GDPR and CCPA.
To get consent for collecting personal data of your users, we suggest you use a ready-made solution - Stack Consent Manager.
Stack Consent Manager comes with a pre-made consent window that you can easily present to your users. That means you no longer need to create your own consent window.
Starting from Appodeal SDK 3.0, Stack Consent Manager is included by default.
Consent will be requested automatically on SDK initialization, and consent form will shown if it is necessary without any additional calls.
@UIApplicationMain final class MyAppDelegate: UIResponder, UIApplicationDelegate, AppodealInitializationDelegate { func application( _ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey : Any]? = nil ) -> Bool { Appodeal.setAutocache(false, types: .interstitial) Appodeal.setLogLevel(.verbose) // New optional delegate for initialization completion Appodeal.setInitializationDelegate(self) /// Any other pre-initialization /// app specific logic Appodeal.initialize( withApiKey: "APP_KEY", types: .interstitial ) return true } func appodealSDKDidInitialize() { // Appodeal SDK did complete initialization } }
Advanced
Custom Consent Logic
Stack Consent Manager is included in Appodeal SDK by default. Consent will be requested automatically on SDK initialization, and consent form will shown if it is necessary without any additional calls.
If you would like to customize consent managing logic, call the Appodeal initialize method and pass the value of your received consent.
1. If you use the Stack Consent Manager API to process and pass the user's consent:
Publishers need to pass the Consent result object from Stack Consent Manager SDK to the initialize
method of our SDK.
let report = STKConsentManager.shared().consent! Appodeal.initialize(withApiKey: YOUR_APPODEAL_APP_KEY, types: adTypes, consentReport: report)
2. If You Don't Want To Use Stack Content Manager SDK, You Can Use The Old Version To Pass The User's Consent:
Publishers need to pass the boolean consent flag(with 'false' meaning that the user refused to give consent) to the +initialize method of our SDK.
import Foundation import Appodeal /// ... // Complicated asynchronous custom logic of // consent and ATT priming Appodeal.updateUserConsentGDPR(.personalized) // Appodeal.updateUserConsentCCPA(.optIn) // Appodeal will not show own dialog at this way Appodeal.initialize( withApiKey: "APP_KEY", types: .interstitial )
Manage Consent Manually
If you wish, you can manage and update consent manually using Stack Consent Manager calls.
Synchronising
Consent manager SDK can be synchronized at any moment of application lifecycle. We recommend to synchronize it at application launch. Multiple synchronization calls are allowed.
Import StackConsentManager/StackConsentManager.h
in AppDelegate.m
import StackConsentManager
-application:didFinishLaunchingWithOptions:
.
/// Initialisation class YourAppDelegate: AppDelegate { override func application( _ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey : Any]? ) -> Bool { STKConsentManager.shared().synchronize(withAppKey: "Your app key") { [unowned self] error in error.map { print("Error while synchronising consent manager: \($0)") } guard STKConsentManager.shared().shouldShowConsentDialog == .true else { // Initialise SDK here return } // Load and present consent dialog } return true } }
APP_KEY
is required parameter (Appodeal APP Key)completion
is block that invokes after synchronization
After synchronization completion, you can receive information about the previous user consent and regulation zone. Before synchronization these parameters are undefined
// Check regulation let regulation = STKConsentManager.shared().regulation // Check consent status let status = STKConsentManager.shared().consentStatus // Available after first show (synchronisation is required) let consentString = STKConsentManager.shared().iabConsentString
Advanced
You can force consent manager to write iAB keys in NSUserDefaults
by setting up storage property before synchronization to STKConsentDialogStorageUserDefaults
SDK does not remove iAB keys from NSUserDefaults and only overrides them
// Store IAB strings in user defaults // should be called before synchronize STKConsentManager.shared().storage = .userDefaults
You can register yourself as a vendor before synchronization.
Parameter | Type | Description |
---|---|---|
id | Integer | iAB id. If you are not registered as iAB vendor you can use custom id |
name | String | Display name. Will be displayed in the consent window |
status | String | Custom string to check consent result for a specific vendor |
purposesIds | Array of integers | iAB purposes ids array |
featuresIds | Array of integers | iAB features ids array |
legIntPurposeIds | Array of integers | iAB leg int purposes ids array |
// Register custom vendor (will be displayed on consent window) // should be called before synchronize STKConsentManager.shared().registerCustomVendor { builder in let _ = builder .appendPolicyURL(URL(string: "https://cmg.com/privacy")!) .appendName("My app") .appendBundle("com.app.bundle") .appendPurposesIds([1, 2, 3]) .appendFeaturesIds([5, 6]) .appendLegIntPurposeIds([1]) }
SDK only allows calling consent window api after synchronization
After SDK has been synchronized, you can load the consent window. Loading is allowed in any regulation zone and independent from previous consent.
// Load and present consent dialog STKConsentManager.shared().loadConsentDialog { [unowned self] error in error.map { print("Error while loading consent dialog: \($0)") } guard let controller = UIApplication.shared.keyWindow?.rootViewController, STKConsentManager.shared().isConsentDialogReady else { // Initialise SDK here return } STKConsentManager.shared().showConsentDialog(fromRootViewController: controller, delegate: self) }
Displaying Consent Dialog
You can check if the consent window is ready.
// Indicates that consent window ready to present let isReady = STKConsentManager.shared().isConsentDialogReady
When the consent window Is ready you can present it from the top view controller
// Show consent dialog STKConsentManager.shared().showConsentDialog(fromRootViewController: controller, delegate: self)
Handling presentation callbacks
/// Get consent manager presentation callbacks class YourViewController: UIViewController, STKConsentManagerDisplayDelegate { // MARK: STKConsentManagerDisplayDelegate func consentManagerWillShowDialog(_ consentManager: STKConsentManager) {} func consentManager(_ consentManager: STKConsentManager, didFailToPresent error: Error) { // Something went wrong initializeAppodealSDK() } func consentManagerDidDismissDialog(_ consentManager: STKConsentManager) { // Resume app initializeAppodealSDK() } }