GDPR

What You Need to Know First

  • Start with our GDPR Guide: Do not start this article until you read our GDPR Publisher Integration Guide to understand the flow of events that you will implement below.

  • How MoPub determines GDPR-applicable users: We use the device’s truncated IP address to detect the user’s location when they open an app for the first time. If we detect that the user was in the European Economic Area, United Kingdom, or Switzerland, then MoPub considers that GDPR applies to that user for the lifetime of that application. This means that MoPub requires the user’s consent before serving personalized ads for the lifetime of that app.

  • MoPub treats non-GDPR-region users as having consent: Starting with MoPub SDK v5.0, if the user opens the application for the first time in any region outside of the European Economic Area, United Kingdom, or Switzerland, we always treat the user as having consent.

  • MoPub disregards consent from users outisde GDPR regions: MoPub SDK v5.0 does not currently support consent from users located outside the regions to which we have determined GDPR applies, so do not pass the consent state for those users. If you pass a consent state for users whose location MoPub has determined to be outside of the Europoean Econimc Area, the United Kingdom, or Switzerland, MoPub disregards that consent state. Our SDK does not apply GDPR to users outside of these regions, and we continue to process their personal data.

  • Passing personal data: We added an additional field for publishers to send personal data. Publisher partners must send any demographic or interest-based targeting data in the fields designated for such data, as described below. Publisher partners must not include any personal data, including demographic or interest-based targeting data, in any fields intended for contextual targeting (contextural targeting is targeting based on the content of the app).

Check Whether GDPR Applies

To learn whether MoPub has determined that GDPR applies to the user, call MoPub.getPersonalInformationManager.gdprApplies() once the SDK has been initialized. This method returns a boolean. If you receive a null, ensure that the SDK has been initialized. If GDPR applies, proceed to ask your user for explicit consent. You can collect the consent from your users using either the MoPub-owned consent option or the Publisher-owned consent option.

The consent dialog defaults to the user’s device language if the device is set to Deutsch, English, Español, Français, Italiano, Nederlands, or Português. If the user’s device is not set to one of those seven languages, the dialog defaults to English. Additionally, the user can select the dialog’s language. For more information on the consent dialog, refer to our GDPR FAQ.

  1. In your app’s Manifest, add the MoPub’s consent activity tag. Skip this step if you are integrating MoPub SDK v5.10.0 or higher. Relevant permissions and Activities are included in the SDK’s internal AndroidManifest.

     <activity android:name="com.mopub.common.privacy.ConsentDialogActivity"
                     android:configChanges="keyboardHidden|orientation|screenSize"/>
    
  2. Get a PersonalInformationManager instance, used to query the consent dialog:

     PersonalInfoManager mPersonalInfoManager = MoPub.getPersonalInformationManager();
    
  3. Check if you must show the consent dialog:
     mPersonalInfoManager.shouldShowConsentDialog();
    
  4. Start loading the consent dialog. This call fails if the user has opted out of ad personalization.
     mPersonalInfoManager.loadConsentDialog(ConsentDialogListener);
    

    Note: The consent dialog does not load successfully if you request the dialog when mPersonalInfoManager.shouldShowConsentDialog() is ‘false’.

  5. If you have subscribed to listen to events, in the onConsentDialogLoaded() callback, show the consent dialog that the SDK has prepared for you.

    • If you choose to show the consent dialog in the future, check if it is ready using isConsentDialogReady() before showing it.

    • If your consent dialog fails to load, you are notified via onConsentDialogLoadFailed() with the error code, and you can choose to load it again later.

       new ConsentDialogListener() {
      
                   @Override
                   public void onConsentDialogLoaded() {
                       if (mPersonalInfoManager != null) {
                           mPersonalInfoManager.showConsentDialog();
                       }
                   }
      
                   @Override
                   public void onConsentDialogLoadFailed(@NonNull MoPubErrorCode moPubErrorCode) {
                       MoPubLog.i("Consent dialog failed to load.");
                   }
               };
      

Only specific (managed) publishers who have been given explicit permission from MoPub can use their own consent dialog. If you try to use the API without MoPub approval, we will not collect personal data, even for users who have provided consent. Contact your account manager for further assistance.

  1. Check if you should show the consent dialog:
     mPersonalInfoManager.shouldShowConsentDialog();
    
  2. Get a ConsentData instance and a PersonalInfoManager instance:
     PersonalInfoManager mPersonalInfoManager = MoPub.getPersonalInformationManager();
     ConsentData consentData = mPersonalInfoManager.getConsentData();
    
  3. Get the current vendor list link. You can optionally pass in a two-character ISO 639-1 language String to have the information translated into one of the seven available languages.
     consentData.getCurrentVendorListLink(optional language String);
    
  4. Get the privacy policy link. You can optionally pass in a two-character ISO 639-1 language String to have the information translated into one of the seven available languages.
     consentData.getCurrentPrivacyPolicyLink(optional language String);
    
  5. Then, depending on whether the user has given consent, call one of the following methods to notify the MoPub SDK:
     // Call this to let MoPub know the user has granted consent
     mPersonalInfoManager.grantConsent();
    
     // Call this to let MoPub know the user has revoked consent.
     mPersonalInfoManager.revokeConsent();
    
  6. The following is a list of optional methods you can use in addition to the above APIs:
     // Listen to the consent status change. You will have access to the old status, the new status, and a boolean for whether you can continue to collect personal information
     subscribeConsentStatusChangeListener();
    
     // Get the current consent status. The possible statuses can be found in ConsentStatus.java
     getPersonalInfoConsentStatus();
    
     // Additional getters for current/consented vendors and privacy policy. This list might change, so ensure you reference ConsentData.java for the most recent APIs.
     getCurrentVendorListVersion();
     getCurrentPrivacyPolicyVersion();
     getCurrentVendorListIabFormat();
     getConsentedPrivacyPolicyVersion();
     getConsentedVendorListVersion();
     getConsentedVendorListIabFormat();
    

Starting with MoPub SDK v5.1+, publishers can determine which users should be treated as GDPR-compliant through the API PersonalInfoManager.forceGdprApplies(). For additional details, refer to this section of our GDPR Publisher Integration Guide.

Best Practices

You can use the method MoPub.canCollectPersonalInformation() to determine whether the user has provided consent for MoPub and its partners to process personal data. If you use MoPub mediation, adapters have already been modified to notify the mediated SDKs whether they, too, can collect and process users’ personal data.

Keywords API for Contextual Data

For GDPR compliance, if you are not on MoPub SDK v5.0+, do not target interest or demographic keywords in the European Economic Area, United Kingdom, or Switzerland. Additionally, MoPub blocks interest and demographic keywords when the user does not have consent in these regions.

The MoPub SDK exposes an additional keyword API (setUserDataKeywords()) for publishers to send demographic data (such as age or gender) or interests data for ad targeting. You must send any demographic or interest-based targeting data in this field.

You can continue passing contextual keywords (that is, you can continue to target based on the content of the app) using the setKeywords() API. Do not include any personal data, such as demographic or interest-based targeting data, in this field.

Do not send MoPub any keywords in either field if they violate the MoPub Policies for Publisher Partners.

Last updated November 18, 2020

TWITTER, MOPUB, and the Bird logo are trademarks of Twitter, Inc. or its affiliates. All third party logos and trademarks included are the property of their respective owners.

© 2020 MoPub (a division of Twitter, Inc.)