Skip to main content
Version: 3.4.0

GDPR and CCPA

info

Keep in mind that it’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for compliance.

The General Data Protection Regulation, better known as GDPR, took effect on May 25, 2018. It's a set of rules designed to give EU citizens more control over their personal data. Any businesses established in the EU or with users based in Europe are required to comply with GDPR or risk facing heavy fines. The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. We have put together some guidelines to help publishers understand better the steps they need to take to be GDPR compliant.

You can learn more about GDPR and CCPA and their differences here.

Step 1. Update Privacy Policy

Include Additional Information To Your Privacy Policy

Don’t forget to add information about IP address and advertising ID collection, as well as the link to Appodeal’s privacy policy to your app’s privacy policy on the App Store.

To speed up the process, you could use privacy policy generators - just insert advertising ID, IP address, and location (if you collect users’ location) in the Personally Identifiable Information you collect field (in line with other information about your app) and the link to Appodeal’s privacy policy in the Link to the privacy policy of third party service providers used by the app field.

Add A Privacy Policy To Your Mobile App

You must add your explicit privacy policies in two places: on your app’s Store Listing page and within your app.

You can find detailed instructions on adding your privacy policy to your app on legal service websites. For example, Iubenda, the solution tailored to legal compliance, provides a comprehensive guide on including a privacy policy in your app.

Make sure that your privacy policy website has an SSL certificate—this point might seem obvious, but it’s still essential.

Here are two useful resources that you can utilize while working on your app compliance:

note

Please note that although we’re always eager to back you up with valuable information, we’re not authorized to provide any legal advice. It’s important to address your questions to lawyers who specialize in this area.


info

Since Appodeal SDK 3.2.1 it is fully compatible with Google UMP and supports IAB TCF v2.

In order for Appodeal and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent in the regions covered by GDPR.

To get consent for collecting personal data of your users, we suggest you use a ready-made solution - Stack Consent Manager based on Google User Messaging Platform (UMP).

Configure Google UMP

Before you start, you need to configure Google UMP. Follow this instruction to setup a consent form.

Stack Consent Manager comes with a pre-made consent window that you can easily present to your users. That means you no longer need to create your own consent window.

Starting from Appodeal SDK 3.0, Stack Consent Manager is included by default.

Consent will be requested automatically on SDK initialization, and consent form will be shown if it is necessary without any additional calls.

Please keep in mind that Consent will be shown only in the EU region, you can use VPN for testing.

This means that Appodeal SDK integration code remains the same:

override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
Appodeal.initialize(activity, appKey, adTypes, object : ApdInitializationCallback {
override fun onInitializationFinished(list: List<ApdInitializationError>?) {
//Appodeal initialization finished
}
})
}

Advanced

Stack Consent Manager is included in Appodeal SDK by default. Consent will be requested automatically on SDK initialization , and consent form will be shown if it is necessary without any additional calls.

You can still use your own Consent Manager or customize ours by following the steps below.

If you wish, you can manage and update consent manually using Stack Consent Manager calls.

To update the consent, call the method:

override fun onCreate(savedInstanceState: Bundle?) {
ConsentManager.requestConsentInfoUpdate(
parameters = ConsentUpdateRequestParameters(
activity = YourActivity@ this,
key = YOUR_APP_KEY,
tagForUnderAgeOfConsent = false,
sdk = "Appodeal",
sdkVersion = Appodeal.getVersion()
),
callback = object : ConsentInfoUpdateCallback {
override fun onUpdated() {
// User's consent status successfully updated.
}

override fun onFailed(error: ConsentManagerError) {
// Initialize the Appodeal SDK with default params.
}
}
)
}
tip

requestConsentInfoUpdate can be requested at any moment of the application lifecycle. We recommend call request it at the application launch. Multiple request calls are allowed.

note

Required parameters: YOUR_APP_KEY - Appodeal app key, you can get it in your personal account;

ConsentUpdateRequestParameters - Data class representing the parameters for a consent update request in the Appodeal Consent Manager. Use this class to encapsulate the necessary information for updating consent preferences. Params:

  • activity - Activity The activity in which the consent update is requested.
  • key - The key associated with the user for whom the consent is being updated.
  • tagForUnderAgeOfConsent - Optional. Indicates whether the user is tagged for under the age of consent. Set to true if the user is under the age of consent, otherwise set to false or null.
  • sdk - Optional. The identifier for the SDK making the consent update request.
  • sdkVersion - Optional. The version of the SDK making the consent update request.

ConsentInfoUpdateCallback - listener for result request.

After consent info was updated you may check the current consent status:

val status: ConsentStatus = ConsentManager.status
info

Enum class representing the possible consent statuses in the Appodeal Consent Manager.

  • Unknown - Represents an unknown consent status;
  • Required - Represents a required consent status;
  • NotRequired - Represents a not required consent status;
  • Obtained - Represents an obtained consent status.

Can show personalized ads

You may check whether ads can be shown based on the current consent status using:

ConsentManager.canShowAds()
note

If the user is not within the scope of laws restricting the collection of personal data (ConsentStatus.NotRequired) or the consent form has already been displayed and a response from the user has been received(ConsentStatus.Obtained) then canShowAds() returns true, indicating, that the ad can be shown, otherwise it returns false.

You may load and receive ConsentForm using following code:

ConsentManager.load(
context = YourActivity@this,
successListener = object : OnConsentFormLoadSuccessListener {
override fun onConsentFormLoadSuccess(consentForm: ConsentForm) {
// Consent form was loaded. Now you can display consent form as dialog
}
},
failureListener = object : OnConsentFormLoadFailureListener {
override fun onConsentFormLoadFailure(error: ConsentManagerError) {
// Consent form loading or showing failed. More info can be found in 'error' object
// Initialize the Appodeal SDK with default params.
}
}
)

After the consent window Is ready you can show it.


consentForm.show(
activity = InterstitialActivity@this,
listener = object : OnConsentFormDismissedListener {
override fun onConsentFormDismissed(error: ConsentManagerError?) {
// Consent form loading or showing failed, or it does not required.
// More info can be found in 'error' object
}
}
)

Load and show if required

You may also load the form and immediately show it if required

ConsentManager.loadAndShowConsentFormIfRequired(
activity = YourActivity@this,
dismissedListener = object : OnConsentFormDismissedListener {
override fun onConsentFormDismissed(error: ConsentManagerError?) {
// Consent form loading or showing failed, or it does not required. More info can be found in 'error' object
}
}
)

You may reset the consent status to unknown, using method:

ConsentManager.revoke(context = YourActivity@this)
info

Params: context - The context in which consent is revoked.