GDPR and COPPA | iOS
General Data Protection Regulation
As a publisher, you should integrate a Consent Management Platform (CMP) and request for vendor and purpose consents as outlined in IAB Europe’s Mobile In-App CMP API v1.0: Transparency & Consent Framework. You can find a reference implementation of a web-based CMP and the corresponding native wrappers here in the IAB’s GDPR Transparency and Consent Framework.
If you are embedding your own custom CMP, the collected end-user consent information needs to be stored in NSUserDefaults using the following keys:
||boolean||Set to YES if a CMP that follows the IAB specification is present in the application.|
||String||“1” = Subject to GDPR
“0” = Not subject to GDPR
“-1” = Unknown (default before initialization)
||String||Base64-encoded consent string as defined in by the IAB: Consent string and vendor list format v1.1|
||String||String of “0”s and “1”s, where the character at position N indicates the consent status to purposeID N as defined in the Global Vendor List|
||String||String of “0”s and “1”s, where the character at position N indicates the consent status to vendorID N as defined in the Global Vendor List|
[[NSUserDefaults standardUserDefaults] setObject:@"0" forKey:@"IABConsent_SubjectToGDPR"]; // User is not subject to GDPR
Children’s Online Privacy Protection Act (COPPA)
“COPPA” stands for The Children’s Online Privacy Protection Rule. It imposes certain requirements on Publishers (operators of websites or online services) with apps/sites directed to children under 13 years of age, and on operators of other websites or online services (i.e., Smaato) that have actual knowledge (defined below) that they are collecting personal information online from a child under 13 years of age.
COPPA can be enabled or disabled like this:
adSettings.coppaEnabled = YES; // default is set to NO
When should the COPPA Flag be set to COPPA=1?
If the publisher doesn’t have an age, or even if the publisher has an age gate, Smaato may need to flag the publisher’s application as COPPA=1:
- A publisher notifies the Smaato sales department (or emails Smaato legal department) that they have an application directed towards children OR
- If Smaato notices that a publisher’s application is very obviously directed to children under 13 (e.g., the application has “for Kids” in the name, features animation, or has other indicators that the app is for children).
If the publisher has an age gate, such that the age of the end-user is known, then:
- Age gate says end-user is <13, then the publisher must send the
- Age gate says end-user is ≥13, then the publisher should send the
Modified: August 8, 2019 at 3:17 pm