GDPR consent screen and coding

Question

I am going to have ads in my app, so I am crazy with the GDPR consent. That is why I am asking for help.

I have read many (many) webpages about the GDPR but they are way too confusing for my small brain. So I would like to know if someone here can show some light. First of all, I want the simplest solution. I don't want the user to choose what to do or not. I mean, my app's first screen will display the EULA and the Cookie Consent. If the user accepts them then the app continues, if not, the app is closed. That is what it is. I think people is too crazy about having their privacy stollen just because of displaying ads. If they are so afraid, they could purchase the paid app without ads.

Of course my app doesn't take any private data (no contacts, no calls, no location) and doesn't share it with any third parties. It is just a regular app that wants to display ads in a legal way.

I have found and encoding problem according to the consent in IAB format. I think it is a long chain of 0 or 1 depending on the different situations. Can anyone help how to code that?

I will show the user some text like this:

You must read and agree the End User Licence Agreement (EULA) and the Cookie Consent to continue.

Cookie consent:

European laws require that digital publishers give user of apps information about their use of COOKIES and other forms of local storage. You must agree the next consent to continue: We use device identifiers, location data, and other demographic and interest data to personalise content and ads, to provide media features and to analyse our traffic. We also share such identifiers and other information from your device with our advertising and analytics partners (which are InMobi.com, Smaato, StartAp and Flurry).

Maybe the first question is: Do I really need to code a consent in IAB format?

Many ads company ask for it. For example InMobi:

    JSONObject consentObject = new JSONObject();
    try {
        // Provide correct consent value to sdk which is obtained by User
        consentObject.put(InMobiSdk.IM_GDPR_CONSENT_AVAILABLE, true);
        // Provide 0 if GDPR is not applicable and 1 if applicable
        consentObject.put("gdpr", "1");
        // Provide user consent in IAB format
        consentObject.put(InMobiSdk.IM_GDPR_CONSENT_IAB, “<<consent in IAB format>>”); 
    } catch (JSONException e) {            
    }
    InMobiSdk.init(this, "Insert InMobi Account ID here", consentObject);

One last question: As far as I know, GDPR consent must be shown only for Europeans, why do I know in my app if the user is currently in Europe or in the USA?

No, sorry. I gave up and made my app a paid app without ads. — Ton, Mar 28 '20 at 10:42
Having same problem here. I don't even know what's the consent in IAB format. There's no any template on Google. — Kimi Chiu, Apr 02 '20 at 11:07
Check [this](https://digiday.com/media/what-is-a-gdpr-consent-string/) for info — Rajen Raiyarela, Apr 23 '20 at 15:16

score 1 · Answer 1 · answered Oct 27 '20 at 11:59

According to your last question: For users in Japan and Korea and a few other countries outside the EU there is already a kind of country-specific version of the European GDPR. In some cases I know it is less strict (making it easier for local industry to work with data).

From this EU website

The effect of such a decision is that personal data can flow from the EU (and Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary. In others words, transfers to the country in question will be assimilated to intra-EU transmissions of data. The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay as providing adequate protection. Adequacy talks are ongoing with South Korea.

I assume this list of countries will grow.

Very informative is the list of all countries and their data privacy policies summary published here by the Swiss government. Unfortunately it is only in French but still easy to understand, and with three categories according to privacy requirements in each country.

score 1 · Accepted Answer · answered Oct 28 '20 at 04:56

First I would like to correct some of your understandings based on your question.

Of course my app doesn't take any private data (no contacts, no calls, no location) and doesn't share it with any third parties. It is just a regular app that wants to display ads in a legal way.

It's absolutely valid doubt that if your app is not collecting any personal data then why GDPR? When you integrate any ad network they actually collect some of these data (for ex. location) to provide better-targeted ads to the user. Now what ad network can collect and cannot collect in the EU region is defined by the IAB string you set on an ad network.

Now coming to the actual help you need

I have found an encoding problem according to the consent in IAB format. I think it is a long chain of 0 or 1 depending on the different situations. Can anyone help how to code that?

Yes, the IAB format is a little tricky. So there are new SDKs coming up primarily called CMP (Consent Management Platforms), you can integrate them to take the consent from the user on behalf of you. There are a lot of companies providing such support (to name a few LiveRamp, Oggury). But when you integrate CMP make sure that the networks integrated are also supporting consent reading from CMP. InMobi v9.1.0+ supports CMP integration. By using CMP and InMobi v9.1.0+ you can safely remove the consent object while doing SDK init.

Hope this helps. In case of any further doubts please leave a comment here.

GDPR consent screen and coding

2 Answers2