Is SDKBOX EU-GDPR compliance ready?

Is SDKBOX EU-GDPR compliance ready?
0.0 0

#1

Hello,

I hope you may already know about EU-GDPR compliance.
is SDKBOX ready for that? as deadline is just one month away.

Regards,
Smit


#2

yes, please update to the version 2.3.17.9 (2018.04.10).

Thanks,


#3

Thanks for quick reply.
Do we have to show any kind of popup or msg or sdkbox policy or something-else into game?


#4

@yinjimmy @slackmoehrle

I am still waiting for answer, as its very important.


#5

I suppose you have to put, at least, one popup at the beginning of the game, where the user accepts your policy, because, quoting sdkbox policy:

3. COLLECTION AND USE OF INFORMATION

Our primary goals in collecting and using information are to provide and improve the Online Services, to administer and assist you with your Online Services account, and to provide you with a better experience with the Online Services. We store and process information in the United States. If you are located outside of the United States and choose to provide information to us and/or enable us to collect information from your end users, you hereby consent to the transfer of such information to the United States and represent and warrant that you have obtained all required end user consents.


#6

@yinjimmy will need to answer this. I don’t know the answer or what would need to be done to achieve this if it is not already in place.


#7

We’ll provide GDPR instruction and guidance by the end of this week.
Thanks,


SDKBOX use policy
#8

We have updated our privacy policy according to GDPR requirement.

For EU users, you should add a paragraph in your game’s privacy about SDKBOX data collection and the opt-out option. You could also add a link to our policy.

Please note that you should do a similar disclosure for any SDK that you integrated through a plugin.


SDKBOX use policy
#9

Okay, thanks for update.
I can see opt-out option, but that is from user-side. You had given link to switch off sharing Advertising-ID.
But you have to give option to delete user’s info stored into your server such as Advertising-ID & IP-address as per GDPR compliance.


#10

Yes, you are correct. There is a section in the policy about that: “DATA RETENTION & DELETION”. We will be building more tools later on.


#11

Before GDPR deadline or after that?


#12

Will you also be supporting third party consent mechanisms instead of just telling people to opt out through the settings?

Admob/DFP for example now have this documentation: https://developers.google.com/admob/android/eu-consent

Bundle extras = new Bundle();
extras.putString("npa", "1");

AdRequest request = new AdRequest.Builder()
        .addNetworkExtrasBundle(AdMobAdapter.class, extras)
        .build();

This allows us to request non personalized ads programmatically. This way the user does not have to turn off the Advertising ID setting system wide.


Android admob and the General Data Protection Regulation (GDPR)
#13

maybe I need to update the AdMob plugin again for the DFP.


#14

The plugin / consent sdk are not live yet, so until then there’s not much we can do. Consent SDK is not public yet, and the Admob plugin with the code snippet I posted above did not seem to send any different ads yet. I’m guessing they’re still busy getting things ready.


#15

Probably after. It’s a manual process for now.


#16

Yeah, we will support third party consent mechanisms once they are available. If consent is rejected, there will be no data collection w/o the need to turn off the Advertising ID.


#17

@sdkbox_dpo do you have translated SDKBOX policy to other languages?


#18

Only in English. Maybe try it with google translate?


#19

https://www.quora.com/Do-I-need-to-translate-terms-of-use-and-privacy-policy-when-launching-a-translated-version-of-a-site-to-a-different-country

You almost certainly need to not just translate, but localise (in the sense of l10n), your legal documents, including your TOS and privacy policy.

Localization refers to the adaptation of a product, application or document content to meet the language, cultural and other requirements of a specific target market (a locale).”


#20

Thanks, we will look into it.

It seems that most of the third party SDKs in our plugins don’t have any localized privacy either… These all need to be kept polishing.