Skip to end of metadata
Go to start of metadata

SDK Privacy for Android

Xandr's mobile SDKs include client support for both the General Data Protection Regulations (GDPR)  and the California Consumer Privacy Act (CCPA).

GDPR provides regulations for the processing, movement, and protection of personal data within the European Union. CCPA creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by organizations.

This resource should not be construed as legal advice and Xandr makes no guarantees about compliance with any law or regulation.  Please note that because every company and its collection, use, and storage of personal data is different, you should also seek independent legal advice relating to obligations under European regulations, including the GDPR and the existing ePrivacy Directive. Only a lawyer can provide you with legal advice specifically tailored to your situation. Nothing in this guide is intended to provide you with, or should be used as a substitute for, legal advice tailored to your business.

Note our Service Policies (for Buying, Selling, and Data Providers) include privacy-specific obligations of which you should be aware.

Publishers are responsible for providing notice, transparency, and choice and for collecting consent from their users in accordance with the Framework policies, either using their own Consent Management Provider or working with a vendor.

All vendor SDKs (including mediation SDKs) are responsible for looking up approved vendor and consent information on their own; Xandr does not pass this information to these SDKs

GENERAL DATA PROTECTION REGULATIONS

In order for our clients to meet their transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive, Xandr supports the IAB Europe Transparency & Consent Framework (the "Framework").

This is a reference for mobile app publishers using Xandr's Mobile SDK to surface notice, transparency and choice to end users located in the EEA and signal approved vendors and, where necessary, pass consent, to Xandr and demand sources and their vendors through the Xandr platform.

Xandr provides three APIs in the Mobile SDK for mobile app publishers to use the Framework. (These  APIs are available in Mobile SDK version 4.8+ for Android and 4.7.1+ for iOS.) These APIs allow you to:

  • Define whether the user is located in the European Economic Area (the "EEA") and that European privacy regulations should apply
  • Set the IAB Europe (IAB) consent string
  • Set the  IAB Europe  (IAB) purpose consents

This information will be persisted by the SDK and will be added to each ad call for applying platform controls

Publishers/Consent Management Platforms (CMPs) are free to store these values in a SharedPreferences interface (as defined by  Mobile In-App CMP API v2.0: Transparency & Consent Framework ) instead of passing them via the new APIs, and the SDK will read the values as a fallback.

To ensure proper monetization and relevant targeting, the SDK should be enabled to send the device information. Setting the consentRequired and purposeConsents flag correctly will help ensure proper device information is sent. Refer to the table below to determine whether the device details will be passed or not.

The table below describes the actions taken for the different purposeConsents values in combination with consentRequired values.

 truefalseundefined
consentRequired=falseThe SDK will pass device info.The SDK will not pass device info.The SDK will pass device info.
consentRequired=true The SDK will pass device info.The SDK will not pass device info.The SDK will not pass device info.
consentRequired=undefined The SDK will pass device info.The SDK will not pass device info.The SDK will pass device info.

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

Xandr provides three APIs that enable SDK users to set, retrieve and clear U.S. Privacy User Signal Mechanism controls. The IAB Tech Lab has formalized and adopted the "us_privacy" string as the mechanism to encode data about the information disclosed to the user and user elections under various US privacy laws, starting with the CCPA.

This information will be persisted by the SDK and will be added to each ad call for applying platform controls 

Publishers/Consent Management Platforms (CMPs) are free to store these values in a SharedPreferences interface (as defined by IAB's CCPA Compliance Mechanism) instead of passing them via the new APIs, and the SDK will read the values as a fallback.

 

 

 

  • No labels