Privacy laws compliancy

In the past years, several laws were introduced to ensure that user's private data are handled with their consent. The first law of this kind has been the GDPR in Europe, but there is now several similiar laws in other regions.

This page explains you how to comply with some of those regulations.

  1. GDPR (EU)
    1. Consent Management Provider
    2. Passing user's consent to Smart Instream SDK
    3. Note about TCF v1.1 support
  2. CCPA (California)
    1. Passing CCPA consent string to Smart Instream SDK

GDPR (EU)

Starting May 25th 2018, the new General Data Protection Regulation (GDPR) law applies in Europe. Every publisher based in Europe or offering services to users in Europe is required to comply with this regulation and collect the user's consent to use his personal data for various purposes, such as analytics or advertisements.

Interactive Adverstising Bureau (IAB) provides some tools to help you in this process

You might want to read more about how GDPR applies for adverstising on iabeurope.eu/transparency-consent-framework.

The first step to comply with GDPR is to collect the user's consent about the use of his personal data.

This can be done through various tools such as Consent Management Provider (CMP). A CMP is a technology interface (usually an SDK for Apps environment) allowing apps developers to provide transparency and obtain consent where necessary for themselves and/or on behalf of their chosen third parties and to transmit informations about which vendors and which purposes a user has consented to with vendors.

IAB provides an open-source CMP, based on IAB's Transparency and Consent Framework 2.0. We recommend you to integrate this library into your apps. Of course you can also integrate another CMP of your choice as long as it is compliant with IAB's framework and specifications since Smart Instream SDK will retrieve consent based on these specifications.

The GDPR consent string have to be stored in the SharedPreferences on Android and in the NSUserDefaults on iOS, both by using the key IABTCF_TCString. Our SDK will get the consent string directly from the SharedPreferences/NSUserDefaults with the official IAB key.

By using a CMP (compliant with the IAB specifications) you will have nothing to do. On the other hand, if you are using any other CMP that do not comply with the IAB specifications, you will have to set the consent string in the SharedPreferences/NSUserDefaults manually.

By using the code below, you will set the consent string manually:


SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getContext());
SharedPreferences.Editor editor = prefs.edit();
editor.putString("IABTCF_TCString", "yourCMPComputedConsentStringBase64format");
editor.apply();
      

NSString *myConsentString = @"yourCMPComputedConsentStringBase64format";
[[NSUserDefaults standardUserDefaults] setObject:myConsentString forKey:@"IABTCF_TCString"];
[[NSUserDefaults standardUserDefaults] synchronize];
      

Some third party mediation SDKs are not IAB TCF compliant and do not rely on the consent string. Those SDK use, most of the time, a binary consent for the advertising purpose.

If you are using one or more of those SDK through Smart mediation, you can set this binary consent for all adapters at once by settings the String "1" (if the consent is granted), or "0" (if the consent is denied) in the SharedPreferences/NSUserDefaults for the key Smart_advertisingConsentStatus.


SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getContext());
SharedPreferences.Editor editor = prefs.edit();
editor.putString("Smart_advertisingConsentStatus", "1" or "0");
editor.apply();
      

NSString *advertisingBinaryConsentString = @"1" or @"0";
[[NSUserDefaults standardUserDefaults] setObject:myConsentString forKey:@"Smart_advertisingConsentStatus"];
[[NSUserDefaults standardUserDefaults] synchronize];
      

Note about TCF v1.1 support

We recommend that you migrate to a CMP compatible with TCF v2.0 as soon as possible.

The Smart Instream SDK is however still support consent strings generated by TCF v1.1 CMPs (or consent string manually sets using the old IABConsent_ConsentString key). If both TCF v1.1 & TCF v2.0 consent strings are available, only the TCF v2.0 will be used.

CCPA (California)

The California Consumer Privacy Act (CCPA) is a law applying to all residents of the state of California (United States). It became effective in January 2020.

You can find more information about this law and how to comply with it on the dedicated IAB website.

As for GDPR, the IAB CCPA framework defines a consent string that will be obtained by a CMP and forwarded to all third parties by the SDK.

The CCPA consent string have to be stored in the SharedPreferences on Android and in the NSUserDefaults on iOS, both by using the key IABUSPrivacy_String. Our SDK will get the consent string directly from the SharedPreferences / NSUserDefaults with the official IAB key.

By using a CMP (compliant with the IAB specifications) you will have nothing to do. On the other hand, if you are using any other CMP that do not respect the IAB specifications, you will have to set the consent string in the SharedPreferences/NSUserDefaults manually.

By using the code below, you will set the consent string manually:


SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getContext());
SharedPreferences.Editor editor = prefs.edit();
editor.putString("IABUSPrivacy_String", "1---");
editor.apply();
      

NSString *myConsentString = @"1---";
[[NSUserDefaults standardUserDefaults] setObject:myConsentString forKey:@"IABUSPrivacy_String"];
[[NSUserDefaults standardUserDefaults] synchronize];