We’ll provide GDPR instruction and guidance by the end of this week.
Thanks,
We have updated our privacy policy according to GDPR requirement.
For EU users, you should add a paragraph in your game’s privacy about SDKBOX data collection and the opt-out option. You could also add a link to our policy.
Please note that you should do a similar disclosure for any SDK that you integrated through a plugin.
Okay, thanks for update.
I can see opt-out option, but that is from user-side. You had given link to switch off sharing Advertising-ID.
But you have to give option to delete user’s info stored into your server such as Advertising-ID & IP-address as per GDPR compliance.
Yes, you are correct. There is a section in the policy about that: “DATA RETENTION & DELETION”. We will be building more tools later on.
Before GDPR deadline or after that?
Will you also be supporting third party consent mechanisms instead of just telling people to opt out through the settings?
Admob/DFP for example now have this documentation: https://developers.google.com/admob/android/eu-consent
Bundle extras = new Bundle();
extras.putString("npa", "1");
AdRequest request = new AdRequest.Builder()
.addNetworkExtrasBundle(AdMobAdapter.class, extras)
.build();
This allows us to request non personalized ads programmatically. This way the user does not have to turn off the Advertising ID setting system wide.
maybe I need to update the AdMob plugin again for the DFP.
The plugin / consent sdk are not live yet, so until then there’s not much we can do. Consent SDK is not public yet, and the Admob plugin with the code snippet I posted above did not seem to send any different ads yet. I’m guessing they’re still busy getting things ready.
Probably after. It’s a manual process for now.
Yeah, we will support third party consent mechanisms once they are available. If consent is rejected, there will be no data collection w/o the need to turn off the Advertising ID.
Only in English. Maybe try it with google translate?
You almost certainly need to not just translate, but localise (in the sense of l10n), your legal documents, including your TOS and privacy policy.
Localization refers to the adaptation of a product, application or document content to meet the language, cultural and other requirements of a specific target market (a locale).”
Thanks, we will look into it.
It seems that most of the third party SDKs in our plugins don’t have any localized privacy either… These all need to be kept polishing.
Before it was not very necessary but after 25 May it seems it’s necessary.
- The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.
Ok, we will look into adding l10n versions.
1 Like
A popup for consent is ok but you also need to add possibility to change decision and remove all users data.
http://www.privacy-regulation.eu/en/article-17-right-to-erasure-‘right-to-be-forgotten’-GDPR.htm
- The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her
Fore example Firebase analytics has resetAnalyticsData
@sdkbox_dpo We use iap module only.
In case user refuses privacy policy, we should not use sdkbox?
And probably close app and ask to consent with policy again on next run?
@dimon4eg It’s quite natural to let the users play your game IF AND ONLY IF they accept your privacy policy.
But, if what you’re asking is that one of your end-users refuses SDKBOX from collecting his or her data, then according to the privacy policy of SDKBOX, they have to change the settings of his/her device.
(See the section End User Opt-Out of http://www.sdkbox.com/privacy)
In that case, (the user change the setting of his device), I suppose that your app will continue using SDKBOX to serve the options to purchase in your app but SDKBOX will not collect more info from the end-user.
hope this helps!
Thank you for information.