We’ve released a number of updates regarding the launch of the EU's GDPR, which came in to force on the 25th May, 2018.
Our approach has been wholistic, and has focussed on three key areas:
- Providing app publishers with the tools they need to become GDPR-ready.
- Working with our third party demand partners to ensure opt-in information is handled correctly.
- Ensuring Tapdaq is GDPR-ready.
Providing app publishers with the tools they need to become GDPR-ready.
We released an SDK update on 15th May, which included GDPR-ready adapters from a number of our demand partners, along with functionality which enables publishers to pass the user consent flag status through to Tapdaq.
This SDK update is not mandatory, but is strongly recommended as some demand sources will stop displaying ads within the EU if you are not using a GDPR-ready version of their adapter (see details further down this page for more information).
As an app publisher it is your responsibility to determine if and how user consent is captured, and as such you have the freedom to define the content, design, location and timing of any permission screen you integrate in your products.
Finally, we appreciate that the EU’s GDPR will in many cases require changes to your app’s user experience/onboarding. As much as we would love to help and advise on GDPR readiness on a case by case basis, sadly, we are not a legal advisor.
If your company’s legal team do have any specific GDPR related questions, please send these to email@example.com and our legal team will be happy to help.
Working with our third party demand partners to ensure opt-in information is handled correctly.
Tapdaq has worked side by side with all of our supported demand partners to give publishers as much clarity as possible on each monetisation partner's stance when it comes to GDPR. Please see the list below for a network by network break down:
AdColony SDK 3.x supports GDPR and will not require an AdColony SDK update; however, if a publishing partner is collecting consent, they will need to update their integration to pass data subject requests for information or requests to remove their consent we have claimed based on our legitimate interest (i.e. forget, do not store, do not process). Publishers on the old 2.x SDK will need to update to 3.x SDK to pass consent parameters.
AdColony’s full GDPR information page is available here.
UPDATE: AdColony will be providing a GDPR-ready SDK release (v3.3.4) on 18th May, this will be included in our 6th June release. This release will include new consent flags to match the IAB framework that was released at the end of April. As AdColony are operating under legitimate interest, this SDK update is not mandatory and ads will continue to be served regardless of whether consent is obtained/the SDK is updated.
At this time, no SDK update is required. Full details are available here.
UPDATE: AdMob has now provided details on how consent can be passed through to the Google Mobile Ads SDK. We will be adding support for this consent flow in our 6th June release.
AppLovin have released an updated SDK which supports user consent flags. This SDK update was included in our 15th May SDK release.
More information on AppLovin’s GDPR approach can be found here.
Chartboost have released an updated SDK, which was included in our 15th May update. Their SDK update will include a new public API method through which game developers will pass Chartboost details on whether consent has been provided or revoked. It is the responsibility of developers to pass that value to Chartboost’s SDK so they can adjust their behavior appropriately.
Chartboost’s SDK will remember this setting through game sessions, but the developer can always call that same API method to update it at anytime.
More information on Chartboost’s GDPR approach can be found here.
Facebook Audience Network
Facebook's GDPR stance is as follows:
‘Facebook may process personal data in connection with Facebook Audience Network under several different legal bases, including consent. Facebook receives consent from Facebook users through our platform for purposes such as targeting ads based on OBA data on Facebook Audience Network. Our SDK doesn't play a role in requesting/receiving consent.
We are not asking Facebook Audience Network publishers to request consent on Facebook's behalf for the purpose of processing personal data. Facebook manages users' preferences around ads through Facebook's system. While consent is binary, not providing consent for certain processing (e.g. processing of OBA data) does not mean that Facebook Audience Network will not fill an ad opportunity. Facebook may use a different data set (e.g. demo data) to target that ad for which Facebook may have a separate legal basis for processing the data.’
HyprMX do have an SDK update coming in the coming months, but this will not be mandatory. HyprMX will not serve ads in the EU that require end user consent until this SDK release is ready.
InMobi have released a mandatory SDK update, which was included in our 15th May release.
More information on InMobi’s GDPR approach can be found here.
ironSource do not require consent in order to show ads from their own demand pool.
More information on ironSource’s GDPR approach can be found here.
MoPub have provided a GDPR-ready version of their SDK, which was included in our 15th May update. At this time, you must notify MoPub that you are using your own methods for capturing user consent, and ensure this consent response is passed to them correctly via the methods provided by Tapdaq.
More information on MoPub's GDPR approach can be found here.
Kiip only show demand to US based users, and as such, do not control or process data from the EU. No GDPR specific SDK updates will be required.
Receptiv's platform only delivers ads to users in North America, so we are not storing or processing data on users in the EU who are covered under GDPR.
For any users that are identified by our platform as being from outside North America, we strip any incoming requests of all personally identifiable information. Additionally, any SDK requests that originate from the EU are never routed back to the US to be processed, and any information sent along with those requests is destroyed in the EU.
Tapjoy is relying on legitimate consent as a basis for all publishers who are not collecting consent.
However, Tapjoy will still be releasing an SDK update (v11.12.2) which will be included in Tapdaq’s 6th June release, and will enable Tapdaq to pass consent flags to Tapjoy.
If you are using Unity Ads SDK 2.0 (all Tapdaq SDK versions support v2.0 or higher) or newer, GDPR-related changes will be automatically available to you no later than May 25, 2018. If you are using SDK 1.5 or older, we recommend that you update the SDK; otherwise, Unity can only serve contextual ads for your players.
More information on Unity’s GDPR approach can be found here.
Vungle have released an SDK update which is GDPR-ready, and was included in our 15th May SDK update.
To comply with GDPR, developers using Vungle have two options:
- Option 1 (recommended): Publisher controls the GDPR consent process at the user level, then communicates the user’s choice to Vungle. To do this, developers can collect the user’s consent using their own mechanism, and then use Vungle APIs to update or query the user’s consent status. (Tapdaq handles this process within our SDK, providing you pass consent to us).
- Option 2: Allow Vungle to handle the requirements. Vungle will display a consent dialog before playing an ad for a European user, and will remember the user’s consent or rejection for subsequent ads.
YouAppi have released a GDPR-ready SDK, which was included in our 15th May update.
Ensuring Tapdaq is GDPR-ready.
These updates will be shared via both email, and the Tapdaq dashboard.
From an ad serving perspective, Tapdaq does not require end user consent for cross promotion ad serving. We have a legitimate interest when using pseudonymised personal data, as it enables us provide a responsible and non-intrusive ad experience for the end user.
For example, we are able to frequency cap ads appropriately, and provide performance data to our publishers to help them ensure the content they show is as relevant and engaging as possible.
Can I request to have data removed from Tapdaq?
Yes, you can. Whether you’re a publisher using the Tapdaq service, or an end user that has installed an application which has the Tapdaq SDK integrated, we fully respect your right to be forgotten.
Please send all requests to firstname.lastname@example.org, and your request will be processed within 28 days.