GDPR

What You Need to Know First

  • Before getting started with this section, make sure that you have read the Quick Guide on GDPR to understand the flow of events that you will be implementing below.
  • We added an additional field for publishers to send personal data. Publisher Partners must send any demographic or interest-based targeting data in the fields designated for such data, as described below. Publisher Partners must not include any personal data, including demographic or interest-based targeting data, in any fields intended for contextual targeting (that is, targeting based on the content of the app).
  • As of SDK 5.0, if the user opened the application for the first time in any region outside of the European Economic Area, United Kingdom, or Switzerland, we will always treat the user as having consent.

The consent dialog will default to the user’s device language if it is set to Deutsch, English, Español, Français, Italiano, Nederlands, or Português. If the user’s device is not set to one of those 7 languages, the dialog will default to English. Additionally, the user will have the ability to select the dialog’s language. For more information on the consent dialog, see our FAQ.

  1. In your app’s Manifest, add the MoPub’s consent activity tag:

     <activity android:name="com.mopub.common.privacy.ConsentDialogActivity"
                     android:configChanges="keyboardHidden|orientation|screenSize"/>
    
  2. Get a PersonalInformationManager instance, which you will use to query the consent dialog:

     PersonalInfoManager mPersonalInfoManager = MoPub.getPersonalInformationManager();
    
  3. Check if you should show the consent dialog:
     mPersonalInfoManager.shouldShowConsentDialog();
    
  4. Start loading the consent dialog. This call is a no-op if the user has opted out of ads personalization.
     mPersonalInfoManager.loadConsentDialog(ConsentDialogListener);
    

    Note: Consent Dialogue will not load successfully if you are trying to request the dialogue when mPersonalInfoManager.shouldShowConsentDialog() is false.

  5. If you have subscribed to listen to events, in the onConsentDialogLoaded() callback, show the consent dialog that the SDK has prepared for you.
    • If you choose to show the consent dialog at some point in the future, check if it is ready via isConsentDialogReady() before showing it.
    • If your consent dialog fails to load, you will be notified via onConsentDialogLoadFailed() with the error code, at which point you can choose to load it again later.
         new ConsentDialogListener() {
      
                 @Override
                 public void onConsentDialogLoaded() {
                     if (mPersonalInfoManager != null) {
                         mPersonalInfoManager.showConsentDialog();
                     }
                 }
      
                 @Override
                 public void onConsentDialogLoadFailed(@NonNull MoPubErrorCode moPubErrorCode) {
                     MoPubLog.i("Consent dialog failed to load.");
                 }
             };
      

SDK v 5.0 does not currently support consent from users located outside of where we have determined GDPR applies, and you should not pass consent state for users outside of these regions. If you are passing a consent state for users that MoPub has determined are located outside of the Europoean Econimc Area, the United Kingdom, or Switzerland, MoPub will disregard the consent state, because the SDK will not treat GDPR as applying to users outside of these regions, and we will continue to process their personal data.

Only specific (managed) publishers who have been given permission may use their own consent dialog. If you attempt to use the API without approval, we will not collect personal data even for users who have provided consent. Please contact your account manager for further assistance.

  1. Check if you should show the consent dialog:
     mPersonalInfoManager.shouldShowConsentDialog();
    
  2. Get a ConsentData instance and a PersonalInfoManager instance:
     PersonalInfoManager mPersonalInfoManager = MoPub.getPersonalInformationManager();
     ConsentData consentData = mPersonalInfoManager.getConsentData();
    
  3. Get the current vendor list link. You can optionally pass in a 2-character ISO 639-1 language String to have the information translated into 1 of the 7 available languages.
     consentData.getCurrentVendorListLink(optional language String);
    
  4. Get the privacy policy link. You can optionally pass in a 2-character ISO 639-1 language String to have the information translated into 1 of the 7 available languages.
     consentData.getCurrentPrivacyPolicyLink(optional language String);
    
  5. Then, depending on whether the user has given consent, call one of the below methods to let the MoPub SDK know:
     // Call this to let MoPub know the user has granted consent
     mPersonalInfoManager.grantConsent();
    
     // Call this to let MoPub know the user has revoked consent.
     mPersonalInfoManager.revokeConsent();
    
  6. (Optional) Below is a list of methods you could use in addition to the above APIs:
     // Listen to the consent status change. You will have access to the old status, the new status, and a boolean for whether you can continue to collect personal information
     subscribeConsentStatusChangeListener();
    
     // Get the current consent status. The possible statuses can be found in ConsentStatus.java
     getPersonalInfoConsentStatus();
    
     // Additional getters for current/consented vendors and privacy policy. This list might change, so ensure you reference ConsentData.java for the most recent APIs.
     getCurrentVendorListVersion();
     getCurrentPrivacyPolicyVersion();
     getCurrentVendorListIabFormat();
     getConsentedPrivacyPolicyVersion();
     getConsentedVendorListVersion();
     getConsentedVendorListIabFormat();
    

    As of 5.1+, publishers will be able to determine which users should be treated as GDPR-compliant through the API PersonalInfoManager.forceGdprApplies(). For additional details, check here.

Best Practices

You can use the method MoPub.canCollectPersonalInformation() to determine whether the user has provided consent for MoPub and its partners to process personal data.

In order to identify if MoPub has determined that GDPR applies to the user, you can call MoPub.getPersonalInformationManager.gdprApplies() once the SDK has been initialized. A boolean will be returned. If you get back a null, ensure that the SDK has been initialized.

Keywords API for Contextual Data

For purposes of GDPR compliance, if you are not on SDK version 5.0+. you should not target interest or demographic keywords in the European Economic Area, United Kingdom, and Switzerland. Additionally, MoPub will block interest and demographic keywords when the user does not have consent in these regions.

The MoPub SDK exposes an additional keyword API (setUserDataKeywords()) for publishers to send demographic data (for example, age or gender) or interests data for ad targeting. You must send any demographic or interest-based targeting data in this field.

You can continue passing contextual keywords (meaning, targeting based on the content of the app) via the setKeywords() API. Do not include any personal data, including demographic or interest-based targeting data, in this field.

Do not send MoPub any keywords in either field if they violate the MoPub Policies for Publisher Partners.

Last updated December 05, 2018

TWITTER, MOPUB, and the Bird logo are trademarks of Twitter, Inc. or its affiliates. All third party logos and trademarks included are the property of their respective owners.

© 2018 MoPub Inc.