Android: how to comply with GDPR (AdMob publishers)?

Discussion in 'Game Design, Development And Publishing' started by Farouk, Mar 23, 2018.

  1. Farouk

    Farouk Member

    Hi,
    I hope this is not an unrelated question.

    As an AdMob publisher,
    I got a notification from Google today that I must comply with the GDPR European law before May 25, 2018.

    Do I have to include a notice in my Android game, for example?
    Or how exactly can I comply with that if I publish AdMob ads in my game?
     
  2. DigiChain

    DigiChain Member

    Yeah, I had the same notification.
    It doesn't seem clear what we need to do (if anything) at the moment, but it mentions some new tools will be added soon - so for now I guess we just wait and see...
     
  3. Farouk

    Farouk Member

    You are right.

    I reached the same conclusion.
    Let's wait and see what tools they will offer.
     
  4. Mert

    Mert Member

    In case you're interested in what it means, it's basically Google telling you "we're now allowing EU users to control what is being recorded [cookies etc.], thus EU users will now be able to delete their records regarding ads policies (especially interests, since companies use your internet search for targeting ads). Also, you can choose which third parties measure and serve ads" (isn't that already available, huh?)

    Therefore, Google brings up an optional alternative solution to ads distribution called non-personalized ads. I assume it's basically the same ads, but not targeted for specific users (like male users seeing sanitary pads ads??)

    And again, users can request to be deleted from Google Analytics. Also there's a limitation for personal information retrieved from children.

    Overall, good! No worries I guess.
     
  5. Smarty

    Smarty Member GMC Elder

    More information to come: https://ppc.land/google-is-changing-the-ad-and-analytics-products-to-be-compliant-with-gdpr/

    GDPR is a broad protection measure for EU citizens with regard to their rights on their personal data collected by online businesses. In particular, it allows EU citizens to request what personal data they have, and allows them to modify or delete that information. There are now rules for explicit consent to collect or use that data, and requirements to make clear to them what the data is used for. There are also strict conditions under which personal data collected may be shared with third parties. Companies can face enormous fines for not complying with the GDPR. The extent of this law is beyond the EU - any business outside of the EU who collects data on citizens within must comply with the law, or be blocked from the European market.

    I don't think some people realize how the GDPR is a tremendously good thing for EU citizens' rights. Under the GDPR, Facebook would have had hell to pay for their carelessness on their users' personal data. The GDPR is, however, a big problem to how many online businesses operate (I should know, I'm in a company that develops research software and we're working hard to make changes to comply).

    Since I do not have Admob I can't comment directly on why this is relevant to Admob publishers, unless it is actually possible for you to collect personally identifiable information on your users through Admob services. Maybe Admob does that, but then again it is up to them to discard that information if explicitly requested by the end user.
     
    Yal likes this.
  6. Andrey

    Andrey Member

  7. HW.

    HW. Member

    That Google link you shared describes that the code in our Admob extension should be modified to present EEA users a consent notification inside the game when the player launches the game, every time they start the app, before the extension calls the ad slot to display the ads.

    And the important thing, the EEA players must also be able to change the setting to personalised or non-personalized ads inside the game. The procedure should be done before Admob codes can display ads on our app/game.

    So the changes should be made on the java codes in our Admob extension a.k.a new update for the google ads extension. And the deadline is May 25th 2018.
     
    Famine and Andrey like this.
  8. Andrey

    Andrey Member

    Yes!
    And someone already does this (sets these permissions in their own applications?) What dialogs do you use, how do you relate to the design?
    An interesting experience.
     
  9. HW.

    HW. Member

    I don't implement it yet. It seems the consent SDK should be injected on the admob java codes, and then it will display a full screen dialog from Google SDK for that GDPR thing which EEA players then can choose the setting for the ads. I also don't understand about the limit of 12 "technology ads provider" written on that page for consent SDK to work. And there is also alternative for not using consent SDK which might be more complicated to manually draw some texts or buttons and adjust the settings?
     
  10. HW.

    HW. Member

    ATTENTION !
    Dangerous!
    Warning!

    I just read the following posts related to GDPR.

    YOU ALL indie developers should also read this if you are using Ads or Analytics or anything tracking SDKs!!

    or you all will be bankrupt sued by a regular player of your game!!!!

    Please READ these posts:
    (Relevant to GDPR 2018 May 25, 2018)

    http://blog.soomla.com/2017/12/gdpr-101-for-mobile-app-or-how-to-avoid-a-e20m-fine.html

    https://www.gamesindustry.biz/artic...ens-data-lands-subway-surfers-studio-in-court

    The lesson today for us is don't ever underestimate the GDPR, COPPA, OR ANY LEGAL MATTERS related to privacy in European countries.

    You have been warned!

    #GDPR From the articles i read Disney was sued, Subway Surfers was sued..., many top companies including Facebook, Google, etc don't sleep to comply the privacy related laws.

    How about you indie gamedevs using GameMaker engine?

    Analytic SDK users, Firebase SDK users, Admob SDK users, you have been warned once again today with this post if you are reading this!

    Let's comply for the next 3-weeks....

    :confused: ~headache, will be hectic day updating all apks
     
  11. Andrey

    Andrey Member

  12. Wraithious

    Wraithious Member

    Well I've said this before for other reasons, but now in light of this thread here's yet another reason to stop using admob, use unity ads.
    They take care of it for you. But if you *must* use other ads as well they can even help you with that too.
    https://unity3d.com/legal/gdpr
     
  13. mjadev

    mjadev Member

  14. Andrey

    Andrey Member

    I agree! But unfortunately, in Unity there are no banners. And interstitials are not good for all games.
     
  15. HW.

    HW. Member

    I think both are good in their own cases, although if you ask me personally my app can't live without Admob but it can live without Unity Ads.

    I use both Admob and Unity Ads by the way, but statistically what works for me is 99.99 percent the winner is still the Admob banner that gives me real results, while my Unity Ads (rewarded video) doesn't work well for my projects (very low, almost nothing, so that I prefer discontinuing the use of it). I am sure your cases might be different than mine.

    I think Google has already offered solutions and wants to provide us the open source tools to help us with the consent SDK. But it is still in the process of being updated from time to time.

    I read that for Adsense and web ads they say the tools for publishers regarding the GDPR are ready on May 7th, and for Admob or apps it follows after.

    For Admob, we need to import the consent SDK, and implement it, and let the Google technology in the SDK do the rest.

    For Unity Ads, it seems they ease the process for displaying the consent dialog on each first ad shown. It looks like we don't need to update the SDK for the changes. But, in case you aren't aware of it, they wrote in their FAQs that they also require the publishers to use "their latest SDK" to get personalized ads (which are more targeted, a.k.a. pay more). If you still use the old Unity Ads 1.5 SDK, it will be automatically non-personalized, which is contextual or less targeted, which is "lower" in the eyes of advertisers.

    I agree with what Smarty said,
    From what i can relate to, the following quote might be the "big problem" to solve that must comply to the new rules by governments, according to the blog article at http://blog.soomla.com/2017/12/gdpr-101-for-mobile-app-or-how-to-avoid-a-e20m-fine.html
     
    Last edited: May 7, 2018
  16. Agreeable

    Agreeable Member

    Never made a single cent off of any of my Android games, so I'll be pulling them down as a result of this change.

    Much easier than modifying by removing Admob and re-uploading.
     
  17. Famine

    Famine Member

    Heyo,

    I can help shed some light on this for non SDK stuff (which might I add, you may have to add a way for users to opt-out or change the way you are collecting data for them as mentioned previously from other posters).

    These new regulations impact anyone doing business with EU citizens. If you make a game that stores EU personal identifiable information in any way, shape or form, then you must comply to the regulations. This may mean having to create new systems that hash and do encryption of personal data, have the ability to ensure confidentiality, integrity, and availability, and processes to test the effectiveness of security measures.

    This may also mean keeping a written (electronic) record of personal data processing activities, capturing the lifecycle of the data and the name and contact details of the data controller along with forcing you to attain explicit consent from individuals regarding the processing of their data, and companies will no longer be able to use long, illegible terms and conditions.

    You may be thinking, "Well, I don't really store PII data anyways, but I do store non-PII data for sure." Please bear in mind, the definition of ‘personal data’ has widened and now explicitly includes online identifiers such as IP addresses and mobile device identity. It can also include things like sexual orientation, religious views, zip codes, and so forth. Data you may collect for marketing or general analytical purposes.

    Also, if you ever plan to scale or reach more audiences in the future. You may want to look at what this means if your games take off too.

    You Have To Be Responsible

    With these regulations, you also have to ensure any third-party or vendors you use are also compliant. This is part of the reason Google is reaching out to you if you have an open account with them. They are walking you through the process to ensure you are aware and even in some cases, compliant with how they are collecting and processing data for your customers/users. This is all part of the process to ensure that even if you don't do anything with the data, that you are ensuring the partners you use are also compliant. If you don't ensure this, then you can be liable for neglecting your customers and putting them in harm's way with their PII information.

    Don't take this lightly guys. Be aware. Plenty of documentation on the internet.
     
    Last edited: May 7, 2018
    HW. likes this.
  18. Famine

    Famine Member

    We all have to reach out to find out more information about it. We have a responsibility to ensure if they are doing this, they are compliant as I mentioned above in my post. Compliant may mean providing a way for customers to opt-out or just provide us with information about how they are storing this anonymous data to ensure it's truly anonymous, which it very may well be.
     
    clee2005 likes this.
  19. HW.

    HW. Member

    For Google Adsense, in case you also have some websites that display Google Ads (I assume all of you that have an Admob account also have Adsense and Adwords accounts too, for an Admob account can be created when you signed up). The web tool is already available to choose (personalized or non-personalized ads for EEA users).

    Adsense dashboard > Allow and block ads > All my sites > EU user consent

    I choose non-personalized for my Adsense websites for users in the EEA so that i don't get more headache about my websites and can focus on Admob. But both options you choose there, it also requires you some consent dialogs to be displayed too, but the non-personalized one seems to be less complicated than the personalized one. This option case i am talking about is specifically for Adsense for websites (not Admob for app/games).

    For admob on our Android games, it looks like that we still need an "in-game consent dialog from the consent SDK's full source" to be released by Google in github so that we can include and implement it on our admob extension, read more at https://developers.google.com/admob/android/eu-consent
     
    Last edited: May 11, 2018
    Andrey likes this.
  20. DigiChain

    DigiChain Member

    So, would just removing our apps from sale/download in the affected EU countries be sufficient (until we are able to update with compliant SDKs)?
    Or would the previous non-compliant downloads that still exist on people's devices be a cause for concern - and if so, how on earth can anyone be compliant under these new laws??
     
  21. Famine

    Famine Member

    Article 3 of the GDPR says that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of the GDPR. Two points of clarification. First, the law only applies if the data subjects, as the GDPR refers to consumers, are in the EU when the data is collected. This makes sense: EU laws apply in the EU. For EU citizens outside the EU when the data is collected, the GDPR would not apply.

    The organization would have to target a data subject in an EU country. Generic marketing doesn’t count. For example, a Dutch user who Googles and finds an English-language webpage written for U.S. consumers or B2B customers would not be covered under the GDPR. However, if the marketing is in the language of that country and there are references to EU users and customers, then the webpage would be considered targeted marketing and the GDPR will apply.

    Accepting currency of that country and having a domain suffix -- say a U.S. website that can be reached with a .nl from the Netherlands -- would certainly seal the case.

    Quoted most of that from another article. For you, if you're not targeting them, then it's fine. If you are, you need to be compliant. BUT KEEP IN MIND! If you are using a third-party to handle your transactions and they provide consumers with opportunities to pay in pretty much any currency on your behalf, it may give off the impression that you are targeting them as EU citizens.
     
  22. HW.

    HW. Member

    Andrey likes this.
  23. Andrey

    Andrey Member

    Excellent!
    Now it remains to wait for the updates of the extensions. I myself do not understand Java/Android. :confused:
     
  24. HW.

    HW. Member

    I have no idea too, as i am trying to contact the maker of the related extension i am using.

    But if the consent SDK is too much complicated, it seems that at minimum we should add the NPA (non-personalized ads) tag between some lines of java codes of the extension.

    As described on https://developers.google.com/admob/android/eu-consent#forward_consent_to_the_google_mobile_ads_sdk

    Code:
    Bundle extras = new Bundle();
    extras.putString("npa", "1");
    
    AdRequest request = new AdRequest.Builder()
            .addNetworkExtrasBundle(AdMobAdapter.class, extras)
            .build();

    But using the NPA also still needs us to display a consent dialog too, but it seems it is not as complicated as the PA, which needs to tell users about mobile ad identifiers (like cookies) according to the ePrivacy Directive law (similar to GDPR, but it looks like, implicitly, not so explicit). CMIIW

    Does it need:
    " import android.os.Bundle"
    to be added to the java extension?

    And how to insert it on the Adrequest code which is already written on the extension?

    This thread has been viewed more than 1800 times so far as I am writing this. I hope others that know Java code give some hints for us to insert the NPA tag into the extension, because the deadline is so near..
     
    Andrey likes this.
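
How the "npa" extra from the post above can be wired into an existing ad request path, as an added example that is not part of the thread or of any GameMaker extension. The class name, the preference file and key names, and the three-state consent enum are hypothetical; `AdRequest.Builder`, `addNetworkExtrasBundle` and `AdMobAdapter` are the Google Mobile Ads SDK calls quoted in the post, and `android.os.Bundle` must be imported for them to compile.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Bundle;

import com.google.ads.mediation.admob.AdMobAdapter;
import com.google.android.gms.ads.AdRequest;

/** Hypothetical helper: remembers the player's ad choice and builds matching requests. */
public final class ConsentAwareAdRequests {

    /** UNKNOWN means the consent dialog has not been answered yet. */
    public enum AdConsent { UNKNOWN, NON_PERSONALIZED, PERSONALIZED }

    private static final String PREFS = "ad_consent_prefs"; // hypothetical file name
    private static final String KEY = "ad_consent";         // hypothetical key name

    private ConsentAwareAdRequests() {}

    /** Call from the consent dialog and from the in-game settings screen. */
    public static void saveConsent(Context context, AdConsent consent) {
        SharedPreferences prefs =
                context.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        prefs.edit().putString(KEY, consent.name()).apply();
    }

    /** Missing or unreadable values are treated as UNKNOWN, never as consent. */
    public static AdConsent loadConsent(Context context) {
        SharedPreferences prefs =
                context.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        String stored = prefs.getString(KEY, null);
        if (stored == null) {
            return AdConsent.UNKNOWN;
        }
        try {
            return AdConsent.valueOf(stored);
        } catch (IllegalArgumentException e) {
            return AdConsent.UNKNOWN;
        }
    }

    /** True while the dialog still has to be shown before any ad is loaded. */
    public static boolean needsConsentPrompt(Context context) {
        return loadConsent(context) == AdConsent.UNKNOWN;
    }

    /**
     * Builds the request the extension passes to loadAd(). Anything other than
     * an explicit PERSONALIZED choice gets the "npa" extra, so a lost or
     * corrupted preference falls back to non-personalized ads.
     */
    public static AdRequest buildRequest(Context context) {
        AdRequest.Builder builder = new AdRequest.Builder();
        if (loadConsent(context) != AdConsent.PERSONALIZED) {
            Bundle extras = new Bundle();
            extras.putString("npa", "1");
            builder.addNetworkExtrasBundle(AdMobAdapter.class, extras);
        }
        return builder.build();
    }
}
```

In an extension that already calls `new AdRequest.Builder().build()`, that expression is the one line to replace with `ConsentAwareAdRequests.buildRequest(context)`, guarded by `needsConsentPrompt(context)` so no ad loads before the player has answered.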
  25. Maximiliano

    Maximiliano Member

    I'm working on making an extension to use the consent SDK, but since it's my first extension I don't know how long it'll take me to get it to work (If I ever get it to work). If anyone else comes up with a solution and wants to share it would be greatly appreciated. :)
     
  26. HW.

    HW. Member

    You can start from the docs at https://developers.google.com/admob/android/eu-consent

    and last but not least, you will also want to examine the issues occurring while implementing it at https://github.com/googleads/googleads-consent-sdk-android/issues

    Good luck
     
  27. Mool

    Mool Member

    One more day left.
     
  28. Toque

    Toque Member

    I removed my games from the EU stores until I figure it out.
     
  29. Andrey

    Andrey Member

    This is good if you do not invest in advertising in these countries. Such steps are then given easily. :)
     
  30. HW.

    HW. Member

    Not just you apparently.

    Hmm..:confused:

    https://www.reddit.com/r/androiddev/comments/8lj0h6/gdpr_google_play_app_shows_personalized_ads_how/

    And latest news and some comments on the following page is worth reading too,
    https://www.theverge.com/2018/5/23/17387146/instapaper-gdpr-europe-access-shut-down-privacy-changes

    and

    http://fortune.com/2018/05/23/gdpr-compliant-privacy-facebook-google-analytics-policy-deadline/
     
    Last edited: May 24, 2018
  31. Electros

    Electros Member

    I've rolled out updates to my mobile games disabling ad functionality for the time being, till I have a clearer view of an elegant and compliant solution to implement.
     
  32. Yal

    Yal GMC Memer GMC Elder

    The gist of the GDPR is that you need to tell users what info you're collecting, and what you're gonna use it for... and not lie. Also you need to provide users a way to see what data you have, and delete data they don't want you to have. There's more to it, that's basically the TLDR of the legalese.

    So to comply, you roughly (read the legal text for the actual details) need to:
    • Tell users WHY you collect data and WHAT data you will collect (this can be done informally on a splash screen and then you put the legalese version in an EULA readme or such)
    • Provide a way to let users request the data you currently have (a cumbersome way like e-mail or paper mail is technically enough and will reduce the amount of people that bother)
    • If someone requests you to delete all data about them, do it.
    Worth noting is that if you anonymize the data so that it's impossible to tell who provided it, you've got much more freedom about what to do with it. Normal app use statistics might be fine under these terms, but if you allow users to enter their name or such (or credit card details for that matter), you need to handle it much more carefully.
     
    RizbIT likes this.
  33. HW.

    HW. Member

    SO...okay, in the last hours or minutes... I also want to unpublish my games in the related countries!

    Time is running fast.... This would be a temporary solution for me, as i will go on doing the consent things.

    So, for anyone else who wants to UNPUBLISH your games in the EEA countries,
    here are the lists of them ( i found hard to get the full complete list on google search, so i want to share this here for you all guys Play store publishers)

    The EEA Agreement brings together the 28 EU Member States and the three EEA EFTA states (Iceland, Liechtenstein and Norway)

    28 EU Member states are:
    Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

    And + the three EEA EFTA states (Iceland, Liechtenstein and Norway)

    then, it should be all = 31.

    OKAY, let's go to your Google Play Developer Console, and Unpublish a.s.a.p (IF you are not ready yet as me and others else)

    This is so near to May 25th... last minutes :confused::bash:

    EDIT: **No need to select the unpublish button on the console, just edit countries guys!**

    Select App > Store Presence > Pricing & Distribution > Manage Countries

    Untick the specific boxes one by one: [x] Unavailable [ ] Available

    If it is already:
    Unavailable countries 31
    Available countries 112

    Then .........

    Submit Update!

    Cheers as of now! :p (what a temporary solution to be safe :( )

    btw,

    "I'll be back" - The Terminator :cool:
     
    Last edited: May 25, 2018
    icebox91 and Maximiliano like this.
  34. icebox91

    icebox91 Member

    So I guess from reading that we should wait for them to update the extension. How often do they update the extensions ? will we see the Google Consent SDK soon?
     
  35. The-any-Key

    The-any-Key Member

    I created a userscript for that: https://greasyfork.org/sv/scripts/368528-google-dev-disable-eu
    I didn't want to manually click on each one in every app I had Admob in :)
    (If you want to use it you need to change the language in the script)
     
  36. J_Dev

    J_Dev Member

    I think that YoYo is letting things settle to give their users the best advice on how to comply with GDPR using their extension. I'm expecting the Google extension will be updated once that is established.
     
  37. Wraithious

    Wraithious Member

    That's correct, deleting them off Europe downloads should be good enough, for now, be aware tho that this is only the beginning, mark my words that within a year or 2 at most this is going to spread like wildfire and these new 'laws' will be adopted by other countries one by one, the true way to avoid all this is keep your ads sdk's and extensions updated and update your apps and games on the playstore before the legal deadlines hit (Europe's deadline has already passed, so obviously I'm talking about the future) I made an ads extension for unity ads and implemented it in all my playstore games and apps that use ads, and put it up on the marketplace for cheap if anyone needs it.
     
    Andrey likes this.
