So my question is: what is a good way to make sure I am complying with this new policy? Specifically, how would I word my EULA and (on Android) how would I present it to my users (as I understand it, Apple has a built in feature to show EULAs).
(e) Software Development Kit
As a side note here is what my current privacy/consent page looks like (very ugly). I don't ask but they can always go to the page and give me permission to use Admob. I don't believe it is 100% compliant for GDPR but at least it shows that I am trying.
Screen Shot 2018-05-05 at 6.07.04 PM.png 916.72KB 1 downloads
And here is the quote from Startapp that will be part of their GDPR policy:
When consent is not passed to StratApp (or provided to you) StartApp will continue serve non-personalized advertising. Nonetheless, StratApp may decide to separately seek consent directly from the user for StartApp’s use of personal data.
If you show the pop-up consent and they say no what are you planning on doing? Close the app?
This is just my opinion. My opinion only. If I was going to use Appodeal, I would not show any ads the x times they play a game. When they start their second or third game, I would give them an option either to buy the ad-free module or to consent to their personal data being used for targeted ads. If I had a reliable way to determine they were in the EU, I would do this scheme for users that are playing my game in the EU.
Another idea is to tie the consent to some currency in the game or to some other reward.
We're also trying to figure this out - from how i understand it now we have to do something like this. But as you can see from my questions after i'm pretty confused...
2. Store the record of the consent in a backend. how? what to store?
3. Provide a way for users to opt out and get tracked data removed. How to implement this? Is it needed if the consent is required to get into the app in the first place?
We're also thinking about, as a tempory solution, doing a detection on the ip and if it's an eu users we just won't init appodeal at all. It will hurt us a bit revenue wise, but then we can wait and see how others will be doing.
Just for me:
1. I am not showing it at start-up. They can go and switch the consent to "on" by clicking on the icon.
2. I am not storing the consent in any backend. I am storing it on the local device.
3. I have a feedback form where they can ask to be removed from tracked data. In that case, I'll just forward the request to the provider. Whoever that might be: Google or Doorbell (doorbell has a special email to do it).
@agramonte Interesting - thanks for sharing! I have some questions about your plan - hope you don't mind!
Just trying to figure out what we could do in order to have a chance with this.
1. What would be the motivation for the user to turn it on? If it's not necessary for playing the game?
2. From what i understand we need to keep a record of the GDPR consents (with identifier, timestamp and the terms on the consent date) to be able to prove we actually got the consent. But would be great if there was an opening to store the consent locally.
3. Feedback form is a great idea for data removal - i guess we could just use that as well and link to it from settings in the app. Wonder if we have to get the identifier of the user somehow then? In order to then pass it on to all the ad networks for data removal etc.
Pretty crazy all this - wonder if most appodeal games will actually have anything like this in place. Probably not.
It is just for me:
- I am showing the consent pop at start up for every user since I don't want to use any private server to get the user ip address.
- I will allow everyone to play without any ads for the first 3 times, then show the pop up. This would allow the players to make better decision whether they want to play more or not.
- The pop up would state the following message:
To provide this app for Free To Play, this app uses Appodeal SDK for In App Advertisements. They may collect Personal data such as your device's advertising ID, GPS data, IP addresses in order to show relevant ads. Do you consent? Note that the app will not function if you decline unless you buy No Ads feature.You can revoke consent from the settings screen at any time. Please press More if you are unsure.
- If the user accepts then I would use the appodeal.init. and change the consent state to true and use os.date("%d-%m-%Y") to save the date. Then save the data locally and also in the players google snapshot file.
This app offers Ad-Free Experience also. You can buy this feature to turn off ads and prevent any data collection from Appodeal for showing you relevant ads.If you don't want to buy then please give consent by pressing the Appodeal button and experience the game for free.You can use opt-out feature from your device settings to remove relevant ads, then Appodeal SDK may only collect non-Personal Information to show non-interest based advertising.
I have also added a consent button in settings in my app where the user can revoke consent when they wish and the app takes to more info screen either to buy no ads or consent option is shown.
This is the internal data structure:
gameData.consentDataNoAdsFeatureBuy = false
This is so far I could think of now after the appodeal privacy update. I was hoping they would take consent from user from the first ad screen being displayed.
For me a backend server would create added complexity that i am not prepared to do now.
You can pay for an IP geolocation service. Something like https://www.digitalelement.com/geolocation/
Don't know if theres any good free ones? https://ipstack.com/ is free for 10.000 requests / month. I'm thinking of hosting one on our own server and use that.
Thanks for sharing! I like your idea with giving the player the option to buy the no-ads IAP if they decline the consent or opt out.
- Sheekore likes this
Appodeal has put a new article on GDPR: https://blog.appodeal.com/blog/2018/05/08/appodeal-gdpr-guide/
Any idea to display window with consent only in EU countries? Free way of course
Anyone used system.getPreference( "locale", "country" ) before? How reliable is it? I'm thinking of checking that and if they are in a EU country I don't load any ads.
Also thinking about doing this for checking if a user is EU, but no idea if it will be considered good enough?. But checking IP isn't foolproof either.
How to do the ip-check in an easy way though? I've looked at some services, but they tend to have costs / rate limits etc. I know that google app engine has it built-in but seems a bit overkill to set up a backend services only for this. That's why i'm thinking of checking the users locale instead. But might not be a good idea
Appodeal has a new dedicated GDPR page: https://www.appodeal.com/home/gdpr/
I highly recommend that people read it. One of the main take-aways I got from this was this in their FAQ section:
Do I have to request a consent only from EU users?
As the global privacy laws change, we recommend to request a consent from all users once, no matter where they are currently located. That will eliminate mistakes of not collecting consent from EU residents who are on a vacation elsewhere, for example.
I know this will annoy a lot of end users, but they feel (and I kind of agree) that you can't trust any method of determining where someone one is because of things like vacations, VPNs etc. Given the various Facebook vs. privacy issues here in the United States, your customers may actually enjoy having that control too.
- bgmadclown and Sheekore like this
- bgmadclown likes this
That is Appodeal's plan. There are two situations outlined here: https://blog.appodeal.com/blog/2018/05/08/appodeal-gdpr-guide/
1. You are using an older SDK (if you update now and don't wait on our new Corona Appodeal plugin). You still have to ask for permission. If it's not granted or if you don't ask, then don't initialize the plugin and show ads. This is an all-or-nothing situation. No permission, no ads.
2. If you wait until we get our new plugin out using Appodeal SDK 2.3.3, then you have the option of passing that consent information to Appodeal. In your situation, you could always send "declined" and get non-targeted, less relevant ads, which is the situation you're describing. I'm trying to find out what this means with regards to eCPM.
- Sheekore likes this
Also tagged with one or more of these keywords: appodeal, eula, privacy, ads
Corona APIs →
Monetization (in-app purchases, ads, etc.) →
Corona APIs →
Monetization (in-app purchases, ads, etc.) →
Getting Started →
Newbie Questions →
Corona Marketplace →
Corona Premium Plugins →