GDPR and COPPA | Android

General Data Protection Regulation (GDPR)

As a publisher, you should integrate a Consent Management Platform (CMP) and request for vendor and purpose consents as outlined in IAB Europe’s Mobile In-App CMP API v1.0: Transparency & Consent Framework. You can find a reference implementation of a web-based CMP and the corresponding native wrappers here.

If you are embedding your own custom CMP, the collected end-user consent information needs to be stored in SharedPreferences using the following keys:

Key Type Description
IABConsent_CMPPresent boolean Set to YES if a CMP that follows the IAB specification is present in the application.
IABConsent_SubjectToGDPR String “1” = Subject to GDPR
“0” = Not subject to GDPR
“-1” = Unknown (default before initialization)
IABConsent_ConsentString String Base64-encoded consent string as defined in by the IAB: Consent string and vendor list format v1.1
IABConsent_ParsedPurposeConsents String String of “0”s and “1”s, where the character at position N indicates the consent status to purposeID N as defined in the Global Vendor List
IABConsent_ParsedVendorConsents String String of “0”s and “1”s, where the character at position N indicates the consent status to vendorID N as defined in the Global Vendor List

Example Code

[[NSUserDefaults standardUserDefaults] setObject:@"0" forKey:@"IABConsent_SubjectToGDPR"]; // User is not subject to GDPR

Children’s Online Privacy Protection Act (COPPA)

“COPPA” stands for The Children’s Online Privacy Protection Rule. It imposes certain requirements on publishers (operators of websites or online services) with apps/sites directed to children under 13 years of age, and on operators of other websites or online services (i.e., Smaato) that have actual knowledge (defined below) that they are collecting personal information online from a child under 13 years of age.

Enabling COPPA

You are able to activate and deactivate COPPA by using the following example:

mBanner.getUserSettings().setCOPPA(value); // true to enable, false otherwise.

When Should the COPPA Flag be Set to COPPA=1?

If the publisher doesn’t have an age, or even if the publisher has an age gate, Smaato may need to flag the publisher’s application as COPPA=1:

  1. A publisher notifies the Smaato sales or legal departments that they have an application directed towards children OR
  2. If Smaato notices that a publisher’s application is very obviously directed to children under 13 (e.g., the application has “for Kids” in the name, features cartoons, or has other indicators that it’s intended for children).

If the publisher has an age gate, such that the age of the end-user is known, then:

  • Age gate says end-user is <13, then the publisher must send the COPPA=1 flag;
  • Age gate says end-user is ≥13, then the publisher should send the COPPA=0 flag.

Modified: August 8, 2019 at 3:16 pm