As part of the merge with Liftoff, all Vungle
products, services and accounts are available at liftoff.io.

To access your Vungle dashboard, you will now log in at liftoff.io.

You are now being redirected to liftoff.io in 15 seconds.

May 25th 2018

Part 3: Getting Ready for GDPR – Practical Considerations Copy

In this installment of our GDPR series, we discuss the highest priority issues for publishers and advertisers. And as a reminder, this is not legal advice; just Vungle’s analysis of what these new regulations mean for app developers and advertisers. As always, you should work with your legal team to determine what is appropriate for your specific situation. 

Publishers: It’s All About Consent

The GDPR puts a premium on user consent for data collection and retention. Additionally, publishers should be mindful of how the new rules apply to two different types of entities:

  • Controllers – determine how and why personal data should be processed. Typically, app publishers, mediators and ad networks will be considered data controllers. 
  • Processors  – process data on behalf of controllers. Typically, service vendors (e.g. data storage, analytics) will be considered data processors.

From a user-experience perspective, having each data controller run their own opt-in process is far from ideal. For instance, if an app has integrated three ad networks and a mediation platform, the user could be presented with four separate opt-in dialogs, each of which would likely have slightly different wording and look and feel. Under guidance published by the European Commission working group on GDPR issues, publishers can gather consent for multiple controllers as long as each controller is named and the data collected is disclosed (Section 3.3.1). 

Vungle has enabled user-level consent flags in the latest versions of its SDKs for iOS, Android and Windows. This will provide publishers collecting user consent a mechanism to pass that consent to Vungle via our SDK for each request. Vungle can then apply the appropriate data controls.

One of the ironies of these new regulations is that consumers have had the ability to control key elements of their mobile privacy for years – all of the major app platforms have user-level controls about whether their advertising IDs can be used for more personalized ads. The upside here is that mobile advertising providers have built their systems to accommodate this option, and will be able to handle the newly opted-out users without undue disruption.

It is also worth clarifying that opting out of data collection does not opt the user out of seeing ads completely. Instead, opting out means that Vungle (and other ad networks) won’t be able to use historical performance data to better customize what ads the user will see.

Advertisers & Publishers – Getting Your (Data) House in Order

The GDPR and ePrivacy Directive apply not only to a company’s workflow, but also extend to the company’s vendors and suppliers. In other words, developers should review current agreements and policies with third-party vendors so they’re aligned with the GDPR.

Additionally, companies are updating their privacy policies and amending their contracts and terms of use as a result of updated notice, transparency, and user rights requirements under GDPR. Many are also putting new Data Processing Agreements (DPAs) in place with their vendors who process user data. These steps aim to ensure that user data is being handled properly and that all companies in the data stream understand their roles and responsibilities are in compliance with the new regulatory environment.

Hopefully this series of posts has provided some useful information and helped to provide greater detail about how Vungle is supporting both advertisers and publishers to build GDPR-compliant systems. Thanks for reading, and we’ll come back in a few months to assess the impact of these new regulations.

Part 1: GDPR – What It Is and Why It Matters

Part 2: GDPR – Building a Compliant Network

Resources:

Vungle’s GDPR-compliant SDKs for iOS, Android and Windows

Guidelines on Consent from the European Commission Article 29 Working Party

Article 29 WP Guidelines

Vungle’s GDPR Implementation FAQs

If you have GDPR-specific questions, please contact GDPR@vungle.com.

Marcella Churchill

Marcella Churchill

Director of Corporate Marketing

Blog