Privacy laws compliancy

Equativ is committed to ensure that our services comply with the European Union’s General Data Protection Regulation (GDPR) and other regulatory frameworks. The publishers must make sure that an appropriate legal basis has been granted to collect and process the users’ personal data. To help the publishers provide the appropriate datapoints.

This page explains you how to comply with some of these legislations.

Table of contents

  1. Global Privacy Platform (GPP)
    1. Consent Management Provider (CMP)
    2. User and App Identifiers
    3. Location retrieval
  2. TCFv2
    1. Consent Management Provider (CMP)
    2. Passing user’s consent to Equativ Display SDK
    3. User and App identifiers
  3. CCPA (California)
    1. Passing CCPA consent string to Equativ Display SDK
  4. iOS App Privacy details
  5. Automatic location retrieval

Global Privacy Platform (GPP)

The Global Privacy Platform (GPP) is an IAB specification helping all stakeholders in digital advertising to support regional privacy regulations more easily. GPP streamlines the transmission of privacy and consent signals from sites and apps across jurisdictions to ad tech providers. You will find more information in our Help Center.

The Equativ Display SDK handles both TCFEU2 and USP1 frameworks via GPP, and rely on them to handle User ID sharing and location retrieval. You will find more information below.

Despite Equativ Display SDK compliancy with GPP, it is still compatible with the older TCFv2 and CCPA frameworks, outside GPP. Note that, for ID sharing and Location retrieval, GPP will have priority. The Equativ Display SDK will fallback on older TCv2 and CCPA frameworks only if there is no GPP string available, or if the CMP implementation is broken.

Consent Management Provider (CMP)

The first step to apply any consent framework handled by GPP is to collect the user’s consent about the use of his personal data.

This can be done through a Consent Management Provider (CMP). A CMP is a technology interface (usually an SDK for Apps environment) permitting apps developers to provide transparency and obtain consent where necessary for themselves and/or on behalf of their chosen third parties and to transmit informations about which vendors and which purposes a user has consented to with vendors.

We recommend you integrate any CMP of your choice as long as it is compliant with IAB’s framework and specifications since Equativ Display SDK will retrieve consent based on these specifications:

IAB In-App Reference CMP for GPP

User and App Identifiers

As we are doing with TCFv2 compliancy, some identifiers won’t be sent in the ad call when Equativ is not given the user’s consent retrieved by GPP. The identifiers are the UID, the IFA, the IFV, and the DNTID. This happens if any of the juridiction handled under GPP do not give the consent. As the Equativ Display SDK currently handles TCFEU2 and USP1 via GPP, if any of those reject the consent, the identifiers won’t be sent.

Location retrieval

The location is not sent in the ad call when Equativ is not given the user’s consent retrieved by GPP. This happens if any of the juridiction handled under GPP do not give the consent. As the Equativ Display SDK currently handles TCFEU2 and USP1 via GPP, if any of those reject the consent, the identifiers won’t be sent.

You will find more information about automatic location retrieval here.

TCFv2

Under the GDPR, you must make certain disclosures to your users in the European Economic Area (EEA) and obtain their consent to use, where legally required, their personal data (such as AdID) to serve ads or process some analytics.

Interactive Adverstising Bureau (IAB) provides some tools to help you in this process. You might want to read more about how GDPR applies for advertising on iabeurope.eu/transparency-consent-framework.

Consent Management Provider (CMP)

Like for GPP CMP, we recommend you integrate any CMP of your choice as long as it is compliant with IAB’s framework and specifications since Equativ Display SDK will retrieve consent based on these specifications:

IAB In-App Reference CMP for TCFv2

Since the in-app environment is cookie-less, the TCF specifies the user’s shared preferences as the storage location for CMP data. From there, Equativ Display SDK retrieves the consent signals and pass them to the ad request. The GDPR consent string have to be stored in the SharedPreferences on Android and in the NSUserDefaults on iOS, both by using the key IABTCF_TCString. Our SDK will get the consent string directly from the SharedPreferences/NSUserDefaults with the official IAB key.

By using a CMP (compliant with the IAB specifications) you will have nothing to do. On the other hand, if you are using any other CMP that do not respect the IAB specifications, you will have to set the consent string in the SharedPreferences/NSUserDefaults manually.

By using the code below, you will set the consent string manually:

Kotlin

val prefs = PreferenceManager.getDefaultSharedPreferences(getContext())
val editor = prefs.edit()
editor.putString("IABTCF_TCString", "yourCMPComputedConsentStringBase64format")
editor.apply()

Swift

let myConsentString = "yourCMPComputedConsentStringBase64format"
UserDefaults.standard.set(myConsentString, forKey: "IABTCF_TCString")
UserDefaults.standard.synchronize()

User and App identifiers

The following identifiers won’t be sent in the ad call when Equativ is not given the user’s consent: the UID, the IFA, the IFV, and the DNTID. This happens when gdprApplies=1 and there is no consent-string or when there is non-consent for the purposes Equativ requires. You will find more information in our Help Center.

CCPA (California)

The California Consumer Privacy Act (CCPA) is a privacy law applying to all residents of California (United States). It has been voted in 2018 and became effective in January 2020.

You can find more information about this law and how to comply with it in the dedicated IAB website.

As for GDPR, the IAB CCPA framework defines a consent string that will be obtained by a CMP and forwarded to all third parties by the SDK.

The CCPA consent string have to be stored in the SharedPreferences on Android and in the NSUserDefaults on iOS, both by using the key IABUSPrivacy_String. Our SDK will get the consent string directly from the SharedPreferences/NSUserDefaults with the official IAB key.

By using a CMP (compliant with the IAB specifications) you will have nothing to do. On the other hand, if you are using any other CMP that do not respect the IAB specifications, you will have to set the consent string in the SharedPreferences/NSUserDefaults manually.

By using the code below, you will set the consent string manually:

Kotlin

val prefs = PreferenceManager.getDefaultSharedPreferences(getContext())
val editor = prefs.edit()
editor.putString("IABUSPrivacy_String", "1---")
editor.apply()

Swift

let myConsentString = "1---"
UserDefaults.standard.set(myConsentString, forKey: "IABUSPrivacy_String")
UserDefaults.standard.synchronize()

iOS App Privacy details

Apple now requires you to disclose user data that your app is collecting, and the purpose of this collection. You will need to provide these information when submitting a new app or and app update starting December 8th, 2020.

Since the Equativ Display SDK collects some user data, you MUST declare in addition to the data collected by your app!

You can find more information about the data collected by the Equativ Display SDK and how to answer Apple’s questions on dedicated page:

App Privacy details configuration

The data collected and processed can change from a SDK release to another, remember to check this page every time your update the Equativ Display SDK.

Automatic location retrieval

The Equativ Display SDK can automatically retrieve the user’s location if it has already been collected by your app. This can be useful to increase your app advertising revenue.

Note that if your application is compliant with GPP, the location won’t be sent in the ad call if the user does not give his consent. However, if your application is not GPP compliant, it is your responsability to ensure that you have proper user consent before using this automatic location feature and that your are compliant with the local laws and regulation.

You can find more information on how to enable automatic location retrieval in the integration documentation:


Back to top

Copyright Equativ © 2024. All right reserved.

Page last modified: Aug 21 2024.