Android SDK Guide to General Data Protection Regulation (GDPR)
In order for our clients to meet their transparency, notice and choice/consent requirements under the GDPR and the existing ePrivacy Directive, Xandr supports the IAB Europe Transparency & Consent Framework (the "Framework").
This is a reference for mobile app publishers using Xandr's Mobile SDK to surface notice, transparency and choice to end users located in the EEA and signal approved vendors and, where necessary, pass consent, to Xandr and demand sources and their vendors through the Xandr Platform.
This resource should not be construed as legal advice and Xandr makes no guarantees about compliance with any law or regulation. Please note that because every company and its collection, use, and storage of personal data is different, you should also seek independent legal advice relating to obligations under European regulations, including the GDPR and the existing ePrivacy Directive. Only a lawyer can provide you with legal advice specifically tailored to your situation. Nothing in this guide is intended to provide you with, or should be used as a substitute for, legal advice tailored to your business.
Note our Service Policies (for Buying, Selling, and Data Providers) include privacy-specific obligations of which you should be aware.
Xandr provides two APIs in the Mobile SDK for mobile app publishers to use the Framework. (These APIs are available in Mobile SDK version 4.8+ for Android and 4.7.1+ for iOS.) These APIs allow you to:
- define whether the user is located in the European Economic Area (the "EEA") and that European privacy regulations should apply
- set the IAB Europe (IAB) consent string
This information will be persisted by the SDK and will be added to each ad call for applying platform controls. Publishers/Consent Management Platforms (CMPs) are free to store these values in an NSUserDefaults/SharedPreferences interface (as defined by Mobile In-App CMP API v1.0: Transparency & Consent Framework) instead of passing them via the new APIs, and SDK will read the values as a fallback.
Publishers are responsible for providing notice, transparency and choice and collecting consent from their users in accordance with the Framework policies, either using their own CMP or working with a vendor.
All vendor SDKs (including mediation SDKs) are responsible for looking up approved vendor and consent information on their own; Xandr does not pass this information to these SDKs.
A reference implementation will be provided at a later date to demonstrate the usage of the APIs.