GDPR

What You Need to Know First

  • Start with our GDPR Guide: Do not start this article until you read our GDPR Publisher Integration Guide to understand the flow of events that you will implement below.

  • How MoPub determines GDPR-applicable users: We use the device’s truncated IP address to detect the user’s location when they open an app for the first time. If we detect that the user was in the European Economic Area, United Kingdom, or Switzerland, then MoPub considers that GDPR applies to that user for the lifetime of that application. This means that MoPub requires the user’s consent before serving personalized ads for the lifetime of that app.

  • MoPub treats non-GDPR-region users as having consent: Starting with MoPub SDK v5.0, if the user opens the application for the first time in any region outside of the European Economic Area, United Kingdom, or Switzerland, we always treat the user as having consent.

  • MoPub disregards consent from users outside GDPR regions: MoPub SDK v5.0 does not currently support consent from users located outside the regions to which we have determined GDPR applies, so do not pass the consent state for those users. If you pass a consent state for users whose location MoPub has determined to be outside of the European Economic Area, the United Kingdom, or Switzerland, MoPub disregards that consent state. Our SDK does not apply GDPR to users outside of these regions, and we continue to process their personal data.

  • Passing personal data: We added an additional field for publishers to send personal data. Publisher partners must send any demographic or interest-based targeting data in the fields designated for such data, as described below. Publisher partners must not include any personal data, including demographic or interest-based targeting data, in any fields intended for contextual targeting (contextual targeting is targeting based on the content of the app).

Check Whether GDPR Applies

To learn whether MoPub has determined that GDPR applies to the user, call MoPub.IsGdprApplicable once the SDK has been initialized. This function returns a bool indicating whether GDPR applies to the user. If you receive an unknown answer or a null, ensure that the SDK has been initialized. If GDPR applies, proceed to ask your user for explicit consent. You can collect the consent from your users using either the MoPub-owned consent option or the Publisher-owned consent option.

The consent dialog defaults to the user’s device language if the device is set to Deutsch, English, Español, Français, Italiano, Nederlands, or Português. If the user’s device is not set to one of those seven languages, the dialog defaults to English. Additionally, the user can select the dialog’s language. For more information on the consent dialog, refer to our GDPR FAQ.

  1. Check whether you must show the consent dialog:
      MoPub.ShouldShowConsentDialog { get }
    
  2. Start loading the consent dialog. This call fails if the user has opted out of ad personalization.
      MoPub.LoadConsentDialog();
    

    Note: The consent dialog does not load successfully if you request the dialog when MoPub.IsGdprApplicable is false.

  3. If you have subscribed to listen to events, in the OnConsentDialogLoadedEvent callback, show the consent dialog that the SDK has prepared for you.

    • If you choose to show the consent dialog in the future, check if it is ready using IsConsentDialogLoaded before showing it.

    • If your consent dialog fails to load, you are notified via OnConsentDialogFailedEvent() with the error code, and you can choose to load it again later.

    // Subscribe to the event
    MoPubManager.OnConsentDialogLoadedEvent += OnConsentDialogLoaded;

    void OnConsentDialogLoaded() {
        MoPub.ShowConsentDialog();
    }
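
The three steps above combined into one Unity component, as an added example that is not MoPub's own code. The class name, the BeginConsentFlow method, the retry limit and delay, and the single string parameter on the failure handler are assumptions made for this example; the MoPub members are the ones named on this page.

```csharp
using UnityEngine;

// Added example: drives the MoPub-owned consent dialog once the SDK is initialized.
public class ConsentFlow : MonoBehaviour
{
    const int MaxLoadAttempts = 3;        // assumption: retry budget chosen for this example
    const float RetryDelaySeconds = 30f;  // assumption: delay chosen for this example
    int loadAttempts;

    void OnEnable()
    {
        MoPubManager.OnConsentDialogLoadedEvent += OnConsentDialogLoaded;
        MoPubManager.OnConsentDialogFailedEvent += OnConsentDialogFailed;
    }

    void OnDisable()
    {
        // Unsubscribe so a destroyed object is never called back.
        MoPubManager.OnConsentDialogLoadedEvent -= OnConsentDialogLoaded;
        MoPubManager.OnConsentDialogFailedEvent -= OnConsentDialogFailed;
    }

    // Hypothetical entry point: call it from your SDK-initialized callback.
    public void BeginConsentFlow()
    {
        // Comparing against true also rejects an unknown or null answer,
        // and avoids a load request that the note above says will fail.
        if (MoPub.IsGdprApplicable != true) return;
        if (!MoPub.ShouldShowConsentDialog) return;   // step 1
        loadAttempts++;
        MoPub.LoadConsentDialog();                    // step 2
    }

    void OnConsentDialogLoaded()
    {
        // Step 3: show only a dialog the SDK reports as loaded.
        if (MoPub.IsConsentDialogLoaded) MoPub.ShowConsentDialog();
    }

    // Assumption: the failure event passes its error as one string.
    void OnConsentDialogFailed(string error)
    {
        Debug.LogWarning("Consent dialog failed to load: " + error);
        if (loadAttempts < MaxLoadAttempts)
            Invoke(nameof(BeginConsentFlow), RetryDelaySeconds);
    }
}
```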
    

Only specific (managed) publishers who have been given explicit permission from MoPub can use their own consent dialog. If you try to use the API without MoPub approval, we will not collect personal data, even for users who have provided consent. Contact your account manager for further assistance.

  1. You can optionally choose a language to set (a two-character ISO 639-1 String) for your vendor list and privacy policy when you construct your consent dialog, as shown:
      MoPub.ConsentLanguageCode = "en";
    
  2. Access this to get the current vendor list link:
      Uri url = MoPub.PartnerApi.CurrentVendorListUrl;
    
  3. Access this to get the current privacy policy link:
      Uri url = MoPub.PartnerApi.CurrentConsentPrivacyPolicyUrl;
    
  4. Then, depending on whether the user has given consent, call one of the following methods to notify the MoPub SDK:

     // Call this to let MoPub know the user has granted consent
     MoPub.PartnerApi.GrantConsent();
    
     // Call this to let MoPub know the user has revoked consent.
     MoPub.PartnerApi.RevokeConsent();
    
  5. The following is a list of optional methods you can use in addition to the above APIs:
     // Get the current consent status. The possible statuses can be found in the MoPub.Consent.Status enum
     MoPub.Consent.Status MoPub.CurrentConsentStatus { get }
      
     // Listen to the consent status change. You will have access to the old status, the new status, and a boolean for whether you can continue to collect personal information
     MoPubEventListener.OnConsentStatusChanged(oldStatus, newStatus, canCollectPii)
      
     // Additional methods for current/consented vendors and privacy policy. Always reference `PartnerApi` for the most recent APIs.
     string MoPub.PartnerApi.CurrentConsentIabVendorListFormat { get }
     string MoPub.PartnerApi.CurrentConsentPrivacyPolicyVersion { get }
     string MoPub.PartnerApi.CurrentConsentVendorListVersion { get }
     string MoPub.PartnerApi.PreviouslyConsentedIabVendorListFormat { get }
     string MoPub.PartnerApi.PreviouslyConsentedPrivacyPolicyVersion { get }
     string MoPub.PartnerApi.PreviouslyConsentedVendorListVersion { get }
    

Starting with MoPub SDK v5.1+, publishers can determine which users should be treated as GDPR-compliant through the API ForceGdprApplicable. For additional details, refer to this section of our GDPR Publisher Integration Guide.

Best Practices

You can use MoPub.CanCollectPersonalInfo to learn whether the user has provided consent for MoPub and its partners to process personal data. If you use MoPub mediation, adapters have already been modified to notify the mediated SDKs whether they, too, can collect and process users’ personal data.

Keywords API for Contextual Data

For GDPR compliance, if you are not on MoPub SDK v5.0+, do not target interest or demographic keywords in the European Economic Area, United Kingdom, or Switzerland. Additionally, MoPub blocks interest and demographic keywords when the user does not have consent in these regions.

The MoPub SDK exposes an additional keyword API (userDataKeywords) for publishers to send demographic data (such as age or gender) or interests data for ad targeting. You must send any demographic or interest-based targeting data in this field.

You can continue passing contextual keywords (that is, you can continue to target based on the content of the app) using the keywords API. Do not include any personal data, such as demographic or interest-based targeting data, in this field.

Do not send MoPub any keywords in either field if they violate the MoPub Policies for Publisher Partners.

Last updated August 24, 2020

© 2020 MoPub (a division of Twitter, Inc.)