16

In the past months I've received several communications from AdMob regarding GDPR. I've found them very difficult to understand, but from what I gather they say GDPR is entering a new phase. They also mention something called IAB (Internet Advertising Bureau?).

In none of those messages I've been able to figure out if any action is required from me. The latest novelty is this notification appeared in my AdMob account:

You can collect consent for GDPR with our new privacy message that supports IAB's latest consent framework starting from August 13, 2020. Visit our EU User Consent settings to learn about our consent message solution.

The fact that it starts with "You CAN" makes me think that this new GDPR form is not mandatory. However, the previous form, the one that we were instructed to use in 2018, appears now in Google's documentation as "Legacy" (can't find the link).

I'm confused about the situation regarding EU Compliance forms now. The fact that AdMob has sent several messages on the matter suggests that it is important. But up till now, that kind of communications usually ended with either a call to action "please comply with this before date X", or saying "no action from you is required". In this case, they never give you one of those options, and I don't understand what am I supposed to do.

...on the other hand, if this stuff is indeed important and some action is required, then I wonder why, unlike what happened in 2018, there are hardly any articles or tutorials online about this new GDPR setup, even though it seems more complex than the previous one (you're required to create an account in a service called Funding Choices, there seem to be new parameters like underAgeOfConsent...) All I've found is this SO question about the implementation of the new system, which doesn't give information about in which cases, or how, should that implementation be done.

As for Google, they have guides all over the place, but none of them makes clear either if this change is mandatory or not (and I don't know which one of the guides I should follow):

https://support.google.com/admob/answer/7666519

https://developers.google.com/admob/ump/android/quick-start

Could someone please clarify for me the situation regarding EU consent forms? What do I have to do to be on the safe side?

--Do I have to use this new system for future apps, or can I stick to the legacy system?

--If the old system is no longer allowed, am I supposed to replace the old form in all my previously published apps too?

Abderian
  • 193
  • 8
  • Too many and I wondering the same. Please share what you came up to – code ketty Sep 19 '20 at 09:21
  • 1
    Thank you for answering. There have not been any new developments during this time (no new online information on the topic, and no new communications from Google). My working hypothesis is that Google's messages were "just in case" communications, in a situation that perhaps isn't clear for them either, and that next time I publish an app everything will be just business as usual. For sure I will report back here any new info I gather... – Abderian Sep 19 '20 at 10:59

1 Answers1

6

This has been confusing me also. In my opinion this should not HAVE to be mandatory. And it should simply be like this: If you do not use some form of GDPR consent in your apps then Google Admob should simply not display personalized ads to users in those countries. Which would diminish overall revenue.

However, it is left up to the publisher to disable personalized ads to EEA and UK users if you do not gather consent. You can do so in your Admob console under Blocking Controls. I get the idea that Google is trying to put blame on publishers in case of a GDPR infringement case. And they are clear as mud on all this. An excellent decoy in a court case.

I think it is best to try use com.google.android.ads.consent:consent-library:1.0.6 for Android. Rather than other stuff.

I did find this puzzling part in the documentation of the library though: "Ads served by Google can be categorized as personalized or non-personalized, both requiring consent from users in the EEA." So does non-personalized ads now also use personal data ? What is going on here ? Why in both cases ? Clear as mud.

In the mean time I will contemplate giving integrating the relevant library into one of my apps a try - and see how that goes. But I can already see it is frustratingly complicated relative to how things can be and was. I think Google should rather handle it all in their Admob SDK and simplify the whole process and take responsibility.

I hope my reply helps someone.

Have you learned something more on this issue ?

NeoFrontier Technologies
  • 61
  • 1
  • 4
  • Thank you for adding your experience to clarify this mess. I haven't been able to publish any app since I posted the question, and there have been no new messages by AdMob on the matter, so I cannot provide further info. That new piece of legal prose you quote is priceless; I've seen Kafka novels that made more sense than this :) – Abderian Jan 21 '21 at 18:57