Android how to comply with GDPR (admob publishers) ?

F

Farouk

Guest
Hi
i hope this is not an unrelated question

As an admob pulisher
i got a notification from Google today that i must comply with the GDPR eurpean law before may 25 2018

do i have to include a notice in my andriod game for example?
or how exactly can i comply with that if i publish admob ads on my game?
 

DigiChain

Member
Yeah, I had the same notification.
It doesn't seem clear what we need to do (if anything) at the moment, but it mentions some new tools will be added soon - so for now I guess we just wait and see...
 
F

Farouk

Guest
Yeah, I had the same notification.
It doesn't seem clear what we need to do (if anything) at the moment, but it mentions some new tools will be added soon - so for now I guess we just wait and see...
you are right

i reached the same conclusion
let's wait and see what tools they will offer
 

Mert

Member
In case you're interested in what it means, it's basically Google telling you "we're now giving EU users to control what is being recorded[cookies etc.], thus EU users now be able to delete their records regarding ads policies(especially interests since companies use your internet search for targeting ads). Also, you can choose which third parties measure and serve ads(isn't that already available, huh ?)

Therefore, Google brings up an optional alternative solution to Ads distribution called non-personalized ads. I assume it's basically the same ads, but not targeted for specific users(like male users seeing sanitary pads ads??)

And again, users can request to be deleted from Google Analytics. Also there's limitation for personal information retrieved from children.

Overall, good! No worries I guess.
 
S

Smarty

Guest
More information to come: https://ppc.land/google-is-changing-the-ad-and-analytics-products-to-be-compliant-with-gdpr/

GDPR is a broad protection measure for EU citizens with regard their rights on their personal data collected by online businesses. In particular, it allows EU citizens to request what personal data they have, and allows them to modify or delete that information. There are now rules for explicit consent to collect or use that data, and requirements to make clear to them what the data is used for. There are also strict conditions under which personal data collected may be shared with third parties. Companies can face enormous fines for not complying with the GDPR. The extend of this law is beyond the EU - any business outside of the EU who collects data on citizens within must comply with the law, or be blocked from the European market.

I don't think some people realize how the GDPR is a tremendously good thing for EU citizen's rights. Under the GDPR, Facebook would have had hell to pay for their carelessness on their user's personal data. The GDPR is, however, a big problem to how many online businesses operate (I should know, I'm in a company that develops research software and we're working hard to make changes to comply).

Since I do not have Admob I can't comment directly on why this is relevant to Admob publishers, unless it is actually possible for you to collect personally identifiable information on your users through Admob services. Maybe Admob does that, but then again it is up to them to discard that information if explicitly requested by the end user.
 
  • Like
Reactions: Yal
H

HW.

Guest
The topic is very relevant.
Who makes what changes?
Apparently, now we need user permissions when opening the application to display ads, for example, AdMob?
https://developers.google.com/admob/android/eu-consent
That Google link you shared describes that codes on our Admob extension should be modified to present the EEA users a consent notification inside the game when player launching the game everytime they start the app, before the extension wants to call the ads slot to display the ads.

And the important thing, the EEA players must also be able to change the setting to personalised or non-personalized ads inside the game. The procedure should be done before Admob codes can display ads on our app/game.

So the changes should be made on the java codes in our Admob extension a.k.a new update for the google ads extension. And the deadline is May 25th 2018.
 

Andrey

Member
Yes!
And someone already does this (sets these permissions in their own applications?) What dialogs do you use, how do you relate to the design?
An interesting experience.
 
H

HW.

Guest
I don't implement it yet. It seems the consent SDK should be injected on the admob java codes, and then it will display a full screen dialog from Google SDK for that GDPR thing which EEA players then can choose the setting for the ads. I also don't understand about the limit of 12 "technology ads provider" written on that page for consent SDK to work. And there is also alternative for not using consent SDK which might be more complicated to manually draw some texts or buttons and adjust the settings?
 
H

HW.

Guest
ATTENTION !
Dangerous!
Warning!

I just read this following posts about related to GDPR.

YOU ALL indie developers should also read this if you are using Ads or Analytics or anything tracking SDKs!!

or you all will be bankrupt sued by a regular player of your game!!!!

Please READ these posts:
(Relevant to GDPR 2018 May 25, 2018)

http://blog.soomla.com/2017/12/gdpr-101-for-mobile-app-or-how-to-avoid-a-e20m-fine.html

https://www.gamesindustry.biz/artic...ens-data-lands-subway-surfers-studio-in-court

With kids making up a significant portion of mobile audiences, games developers would do well to ensure their titles are compliant with COPPA. Previous violations of the act have led to fines of $500,000 for Broken Thumbs, $300,000 for TinyCo, and $250,000 for RockYou.
The lesson today for us is don't ever underestimate the GDPR, COPPA, OR ANY LEGAL MATTERS related to privacy in European countries.

You have been warned!

#GDPR From the articles i read Disney was sued, Subway Surfers was sued..., many top companies including Facebook, Google, etc don't sleep to comply the privacy related laws.

How about you indie gamedevs using GameMaker engine?

Analytic SDK users, Firebase SDK users, Admob SDK users, you have been warned once again today with this post if you are reading this!

Let's comply for the next 3-weeks....

:confused: ~headache, will be hectic day updating all apks
 
W

Wraithious

Guest
Well I've said this before for other reasons, but now in light of this thread here's yet another reason to stop using admob, use unity ads.
They take care of it for you. But if you *must* use other ads as well they can even help you with that too.
https://unity3d.com/legal/gdpr
 
H

HW.

Guest
I agree! But unfortunately, in Unity there are no banners. And not for all games are good interstitials.
I think both are good in their own cases, although if you ask me personally my app can't live without Admob but it can live without Unity Ads.

I use both of Admob and Unity Ads by the way, but statistically what works for me is 99.99percent the winner is still Admob banner that gives me real results while my Unity Ads (rewarded video) doesn't work well for my projects (very low, almost nothing that i prefer discontinuing the use of it). I am sure your cases might be different than mine.

I think Google has already offered solutions and want to provide us the open source tools to help us with the consent SDK. But it is still in the process of being updated from time to time.

I read that for Adsense and web ads they say the tools for publishers regarding the GDPR are ready on May 7th. and for Admob or app follows after.

For admob, we need to import the consent SDK, and implement it, and let the Google technology in the SDK does the rest.

For Unity Ads, it seems they ease the process for displaying the consent dialog on each first ad shown. It looks like we don't need to update the SDK for the changes. But, in case you aren't aware of, they wrote on their faqs that they also require the publishers to use "their latest SDK" to get personalized ads (which more targeted a.k.a. pays more). If you still use old Unity Ads 1.5 SDK, it will be automatically non personalized which is contextual or less targeted, which is "lower" in the eyes of advertisers.

I agree with Smarty said,
I don't think some people realize how the GDPR is a tremendously good thing for EU citizen's rights. Under the GDPR, Facebook would have had hell to pay for their carelessness on their user's personal data. The GDPR is, however, a big problem to how many online businesses operate (I should know, I'm in a company that develops research software and we're working hard to make changes to comply).
From what i can relate to, the following quote might be the "big problem" to solve that must comply to the new rules by governments, according to the blog article at http://blog.soomla.com/2017/12/gdpr-101-for-mobile-app-or-how-to-avoid-a-e20m-fine.html
Everything is personal

One thing that the GDPR makes very clear is that all device identifiers including IDFA (Apple devicesā€™ ID for advertising), GAID (Googleā€™s advertising ID) and IP address are now considered personal data and any data stored with it in the same record should also be considered personal. This have been a gray area a few years ago but was getting less and less gray in recent years. With GDPR there is zero doubt about this. For app companies and, advertising companies and analytics companies this means that all data becomes personal and should be treated as such.
 
Last edited by a moderator:
A

Agreeable

Guest
Never made a single cent off of any of my Android games, so I'll be pulling them down as a result of this change.

Much easier than modifying by removing Admob and re-uploading.
 
F

Famine

Guest
Heyo,

I can help shed some light on this for non SDK stuff (which might I add, you may have to add a way for users to opt-out or change the way you are collecting data for them as mentioned previously from other posters).

These new regulations impact anyone doing business with EU citizens. If you make a game that stores EU personal identifiable information in any way, shape or form, then you must comply to the regulations. This may mean having to create new systems that hash and do encryption of personal data, have the ability to ensure confidentiality, integrity, and availability, and processes to test the effectiveness of security measures.

This may also mean keeping a written (electronic) record of personal data processing activities, capturing the lifecycle of the data and the name and contact details of the data controller along with forcing you to attain explicit consent from individuals regarding the processing of their data, and companies will no longer be able to use long, illegible terms and conditions.

You may be thinking, "Well, I don't really store PII data anyways, but I do store non-PII data for sure." Please bear in mind, the definition of ā€˜personal dataā€™ has widened and now explicitly includes online identifiers such as IP addresses and mobile device identity. It can also include things like sexual orientation, religious views, zip codes, and so forth. Data you may collect for marketing or general analytical purposes.

Also, if you ever plan to scale or reach more audiences in the future. You may want to look at what this means if your games take off too.

You Have To Be Responsible

With these regulations, you also have to ensure any third-party or vendors you use are also complaint. This is part of the reason Google is reaching out to you if you have an open account with them. They are walking you through the process to ensure you are aware and even in some cases, compliant with how they are collecting and processing data for your customers/users. This is all part of the process to ensure that even if you don't do anything with the data, that you are ensuring the partners you use are also compliant. If you don't ensure this, then you can be liable for neglecting your customers and putting them in harms way with their PII information.

Don't take this lightly guys. Be aware. Plenty of documentation on the internet.
 
Last edited by a moderator:
  • Like
Reactions: HW.
F

Famine

Guest
it remembers me the GMS2 option "Allow anonymous Game Statistics" which enabled by default ? (https://docs2.yoyogames.com/index.html?page=source/_build/index.html)

it collects user data for Yoyo from your application => what is GDPR impact for this ?
may be Yoyo should change the default setting to disabled ?
We all have to reach out to find out more information about it. We have a responsibility to ensure if they are doing this, they are compliant as I mentioned above in my post. Compliant may mean providing a way for customers to opt-out or just provide us with information about how they are storing this anonymous data to ensure it's truly anonymous, which it very may well be.
 
H

HW.

Guest
For Google Adsense in case you also have some websites that displays Google Ads (i assume you are all that have Admob account, also have Adsense and Adwords accounts too for an Admob account can be created when you signed up). The web tool is already available to choose (personalized or non-personalized ads for EEA users).

Adsense dashboard > Allow and block ads > All my sites > EU user consent

I choose non-personalized for my Adsense websites for users in the EEA so that i don't get more headache about my websites and can focus on Admob. But both options you choose there, it also requires you some consent dialogs to be displayed too, but the non-personalized one seems to be less complicated than the personalized one. This option case i am talking about is specifically for Adsense for websites (not Admob for app/games).

For admob on our Android games, it looks like that we still need an "in-game consent dialog from the consent SDK's full source" to be released by Google in github so that we can include and implement it on our admob extension, read more at https://developers.google.com/admob/android/eu-consent
 
Last edited by a moderator:

DigiChain

Member
So, would just removing our apps from sale/download in the affected EU countries be sufficient (until we are able to update with compliant SDKs)?
Or would the previous non-compliant downloads that still exist on peoples devices be a cause for concern - and if so, how on earth can anyone be compliant under these new laws??
 
F

Famine

Guest
So, would just removing our apps from sale/download in the affected EU countries be sufficient (until we are able to update with compliant SDKs)?
Or would the previous non-compliant downloads that still exist on peoples devices be a cause for concern - and if so, how on earth can anyone be compliant under these new laws??
Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. Two points of clarification. First, the law only applies if the data subjects, as the GDPR refers to consumers, are in the EU when the data is collected. This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply.

The organization would have to target a data subject in an EU country. Generic marketing doesnā€™t count. For example, a Dutch user who Googles and finds an English-language webpage written for U.S. consumers or B2B customers would not be covered under the GDPR. However, if the marketing is in the language of that country and there are references to EU users and customers, then the webpage would be considered targeted marketing and the GDPR will apply.

Accepting currency of that country and having a domain suffix -- say a U.S. website that can be reached with a .nl from the Netherlands -- would certainly seal the case.

Quoted most of that from another article. For you, if you're not targeting them, then it's fine. If you are, you need to be compliant. BUT KEEP IN MIND! If you are using a third-party to handle your transactions and they provide consumers with opportunities to pay in pretty much any currency on your behalf, it may give off the impression that you are targeting them as EU citizens.
 

Andrey

Member
Excellent!
Now it remains to wait for the updates of the extensions. I myself do not understand Java/Android. :confused:
 
H

HW.

Guest
Excellent!
Now it remains to wait for the updates of the extensions. I myself do not understand Java/Android. :confused:
I have no idea too, as i am trying to contact the maker of the related extension i am using.

But if the consent SDK is too much complicated, it seems that at minimum we should add the NPA (non-personalized ads) tag between some lines of java codes of the extension.

As described on https://developers.google.com/admob/android/eu-consent#forward_consent_to_the_google_mobile_ads_sdk

Code:
Bundle extras = new Bundle();
extras.putString("npa", "1");

AdRequest request = new AdRequest.Builder()
        .addNetworkExtrasBundle(AdMobAdapter.class, extras)
        .build();
But using the NPA, also still needs us to display consent dialog too, but it seems it is not too complicated as the PA, which needs to tell users about mobile ad identifiers (like cookies) according to ePrivacy Directive law (similar to GDPR, but it looks like, implicitly, not so explicit). CMIIW

Does it need:
" import android.os.Bundle"
to be added to the java extension?

And how to insert it on the Adrequest code which is already written on the extension?

This thread is viewed by more than 1800 times so far i am writing this. I hope others that know java codes, give some hints for us to insert the NPA tag to the extension, because the deadline is so near..
 

Maximiliano

Member
I'm working on making an extension to use the consent SDK, but since it's my first extension I don't know how long it'll take me to get it to work (If I ever get it to work). If anyone else comes up with a solution and wants to share it would be greatly appreciated. :)
 
H

HW.

Guest
I'm working on making an extension to use the consent SDK, but since it's my first extension I don't know how long it'll take me to get it to work (If I ever get it to work). If anyone else comes up with a solution and wants to share it would be greatly appreciated. :)
You can start from the docs at https://developers.google.com/admob/android/eu-consent

and last but not least also you will want to do some examinations with the issues occuring while implementing it at https://github.com/googleads/googleads-consent-sdk-android/issues

Good luck
 

Mool

Member
I'm working on making an extension to use the consent SDK, but since it's my first extension I don't know how long it'll take me to get it to work (If I ever get it to work). If anyone else comes up with a solution and wants to share it would be greatly appreciated. :)
One more day left.
 
H

HW.

Guest

Electros

Member
I've rolled out updates to my mobile games disabling ad functionality for the time being, till I have a clearer view of an elegant and compliant solution to implement.
 

Yal

šŸ§ *penguin noises*
GMC Elder
The gist of the GDPR is that you need to tell users what info you're collecting, and what you're gonna use it for... and not lie. Also you need to provide users a way to see what data you have, and delete data they don't want you to have. There's more to it, that's basically the TLDR of the legalese.

So to comply, you roughly (read the legal text for the actual details) need to:
  • Tell users WHY you collect data and WHAT data you will collect (this can be done informally on a splash screen and then you put the legalese version in an EULA readme or such)
  • Provide a way to let users request the data you currently have (a cumbersome way like e-mail or paper mail is technically enough and will reduce the amount of people that bother)
  • If someone requests you to delete all data about them, do it.
Worth noting is that if you anonymize the data so that it's impossible to tell who provided it, you've got much more freedom about what to do with it. Normal app use statistics might be fine under these terms, but if you allow users to enter their name or such (or credit card details for that matter), you need to handle it much more carefully.
 
H

HW.

Guest
SO...okay, in the last hours or minutes... I also want to unpublish my games in the related countries!

Time is running fast.... This would be a temporary solution for me, as i will go on doing the consent things.

So, for anyone else who wants to UNPUBLISH your games in the EEA countries,
here are the lists of them ( i found hard to get the full complete list on google search, so i want to share this here for you all guys Play store publishers)

The EEA Agreement brings together the 28 EU Member States and the three EEA EFTA states (Iceland, Liechtenstein and Norway)

28 EU Member states are:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

And + the three EEA EFTA states (Iceland, Liechtenstein and Norway)

then, it should be all = 31.

OKAY, let's go to your Google Play Developer Console, and Unpublish a.s.a.p (IF you are not ready yet as me and others else)

This is so near to May 25th... last minutes :confused::bash:

EDIT: **No need to select the unpublish button on the console, just edit countries guys!**

Select App > Store Presence > Pricing & Distribution > Manage Countries

Untick the specific boxes one by one: [x] Unavailable [ ] Available

If it is already:
Unavailable countries 31
Available countries 112

Then .........

Submit Update!

Cheers as of now! :p (what a temporary solution to be safe :( )

btw,

"I'll be back" - The Terminator :cool:
 
Last edited by a moderator:
I

icebox91

Guest
So I guess from reading that we should wait for them to update the extension. How often do they update the extensions ? will we see the Google Consent SDK soon?
 
J

J_Dev

Guest
I think that YoYo is letting things settle to give their users the best advice on how to comply with GDPR using their extension. I'm expecting the Google extension will be updated once that is established.
 
W

Wraithious

Guest
So, would just removing our apps from sale/download in the affected EU countries be sufficient (until we are able to update with compliant SDKs)?
Or would the previous non-compliant downloads that still exist on peoples devices be a cause for concern - and if so, how on earth can anyone be compliant under these new laws??
That's correct, deleting them off Europe downloads should be good enough, for now, be aware tho that this is only the beginning, mark my words that within a year or 2 at most this is going to spread like wildfire and these new 'laws' will be adopted by other countries one by one, the true way to avoid all this is keep your ads sdk's and extensions updated and update your apps and games on the playstore before the legal deadlines hit (Europe's deadline has already passed, so obviously I'm talking about the future) I made an ads extension for unity ads and implemented it in all my playstore games and apps that use ads, and put it up on the marketplace for cheap if anyone needs it.
 
Top