1. Addapptr Avatar Addapptr
  2. AddApptr Documentation (external)
  3. AddApptrLandingPage

Wiki

Clone wiki

AddApptrLandingPage / GDPR

View History

AddApptr’s view on GDPR

The General Data Protection Regulation (GDPR) came into effect on May 25, 2018.

Generally spoken, GDPR stipulates an opt-in approach as regards the use of personal data and requires the option to opt-out at any time.

AddApptr is a service provider in the mobile advertising sector located in Hamburg, Germany. As such, AddApptr is obliged to comply with European legislation. GDPR is the key regulation to follow when it comes to processing personal data. In short, the following principles must be adhered to:

AddApptr as a company within the EEA (in the following: EU) must comply with GDPR, regardless of whether

  • the end user (user of an app) lives or just is located in the EU
  • the end user is a citizen of the EU
  • publishers using AddApptr are located outside the EU

AddApptr only processes personal data (i.e. the Advertising ID) if the app user’s consent is technically given to AddApptr. There are two different ways to pass the user’s consent to AddApptr:

  • either the simple consent of the AATKit API is obtained
  • or consent is obtained under the IAB Transparency & Consent Framework (TCF)

What AddApptr does regarding GDPR

AddApptr provides two different ways to (technically) obtain the user’s consent. The user’s consent can be passed to AddApptr either by using the simple consent API or through an IAB TCF consent string. AddApptr itself is a registered vendor in the IAB TCF framework.

Fully compliant consent management requires the option for users to revoke their choice at any time within the app. This option must be provided by the app.

Note: Legally, consent is just one lawful reason to process personal data under the regime of GDPR. At least two other lawful reasons to process personal data could be taken into consideration: the performance of a contract, or a legitimate interest. Technically, the ecosystem has decided to base the processing of personal data on the lawful reason of the user’s consent.

What publishers using AddApptr should do

Ad networks partnering with AddApptr act differently with regard to consent management:

  • One group is operating under the IAB TCF and hence relies on the app using an IAB-compliant CMP. Examples are: Google, SmartAd Server, Amazon. Also, AddApptr as a vendor operates under the IAB TCF - if IAB consent is present, AddApptr’s SDK will respect it for its own vendor purposes.
  • Another group of networks provides its own consent-related APIs, typically in a rather simple form like consent equals true or false. Accordingly, AddApptr’s SDK provides a similar sort of simple consent API and passes that consent to the relevant partner ad networks if provided by the app. An example being Facebook. If no IAB consent is present, AddApptr’s SDK will also respect the simple consent setting for its own vendor purposes.

In order to enable ad personalization for most of the networks, AddApptr recommends that the app should do the following:

  • In general, ask the users for their consent to ad personalization. Provide an additional option to opt out at any time, e.g. through a "Privacy Settings" menu.

  • Utilize an IAB-compliant CMP

    • Either use AddApptr's CMP adaptor interface (look for "ManagedConsent" in the SDK Documentation)
    • Or integrate the CMP of your choice individually and make sure to pass any non-IAB vendors' consent to AATKit by using its "VendorConsent".
    • If you use an IAB compliant CMP, please make sure to comply with the IAB TCF publisher policies which include to insert a text like the following into your privacy policy: ”<Your Organisation> participates in the IAB Europe Transparency & Consent Framework and complies with its Specifications and Policies. <Your Organisation> uses the Consent Management Platform with the identification number <CMP ID>.”

  • Make sure to configure the CMP properly:

    • Select “AddApptr GmbH” as a vendor to use.
    • Select “Google Advertising Products” as a vendor to use.
    • Select other typical vendors needed for optimal monetization.
    • Do not set a "global" scope for the consent you request from the user. Only "service" (app) or "group" (publisher) scopes are allowed.
    • Ask all users for consent again, after adding AddApptr, Google, or other typical vendors to your CMP configuration.

Related Topics

CCPA
LGPD

Updated