Privacy laws compliancy

Smart is committed to ensuring that our services comply with the European Union’s General Data Protection Regulation (GDPR) and other regulatory frameworks. The publishers must make sure that an appropriate legal basis has been granted to collect and process the users’ personal data. To help the publishers provide the appropriate datapoints.

This page explains you how to comply with some of these legislations.

  1. GDPR (EU)
    1. Consent Management Provider
    2. Passing user's consent to Smart Instream SDK
    3. Passing CCPA consent string to Smart Instream SDK
    4. Note about TCF v1.1 support
  2. CCPA (California)
    1. Passing CCPA consent string to Smart Instream SDK

GDPR (EU)

Under the GDPR, you must make certain disclosures to your users in the European Economic Area (EEA) and obtain their consent to use, where legally required, their personal data (such as AdID) to serve ads or process some analytics.

Interactive Adverstising Bureau (IAB) provides some tools to help you in this process. You might want to read more about how GDPR applies for advertising on iabeurope.eu/transparency-consent-framework.

The first step to apply GDPR is to collect the user's consent about the use of his personal data.

This can be done through a Consent Management Provider (CMP). A CMP is a technology interface (usually an SDK for Apps environment) permitting apps developers to provide transparency and obtain consent where necessary for themselves and/or on behalf of their chosen third parties and to transmit informations about which vendors and which purposes a user has consented to with vendors.

We recommend you integrate any CMP of your choice as long as it is compliant with IAB's framework and specifications since Smart Display SDK will retrieve consent based on these specifications:

Since the in-app environment is cookie-less, the TCF specifies the user’s shared preferences as the storage location for CMP data. From there, Smart Instream SDK retrieves the consent signals and pass them to the ad request. The GDPR consent string have to be stored in the SharedPreferences on Android and in the NSUserDefaults on iOS, both by using the key IABTCF_TCString. Our SDK will get the consent string directly from the SharedPreferences/NSUserDefaults with the official IAB key.

By using a CMP (compliant with the IAB specifications) you will have nothing to do. On the other hand, if you are using any other CMP that do not respect the IAB specifications, you will have to set the consent string in the SharedPreferences/NSUserDefaults manually.

By using the code below, you will set the consent string manually:


SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getContext());
SharedPreferences.Editor editor = prefs.edit();
editor.putString("IABTCF_TCString", "yourCMPComputedConsentStringBase64format");
editor.apply();
      

NSString *myConsentString = @"yourCMPComputedConsentStringBase64format";
[[NSUserDefaults standardUserDefaults] setObject:myConsentString forKey:@"IABTCF_TCString"];
[[NSUserDefaults standardUserDefaults] synchronize];
      

Some third party mediation SDKs are not IAB compliant and do not rely on the consent string. Those SDK use, most of the time, a binary consent for the advertising purpose.

If you are using one or more of those SDK through Smart mediation, you can set this binary consent for all adapters at once by settings the String "1" (if the consent is granted), or "0" (if the consent is denied) in the SharedPreferences/NSUserDefaults for the key Smart_advertisingConsentStatus.


SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getContext());
SharedPreferences.Editor editor = prefs.edit();
editor.putString("Smart_advertisingConsentStatus", "1" or "0");
editor.apply();
      

NSString *advertisingBinaryConsentString = @"1" or @"0";
[[NSUserDefaults standardUserDefaults] setObject:myConsentString forKey:@"Smart_advertisingConsentStatus"];
[[NSUserDefaults standardUserDefaults] synchronize];
      

Handle User and App identifiers

Since 7.16.0, the following identifiers won’t be sent in the ad call when Smart is not given the user’s consent: the UID, the IFA, the IFV, and the DNTID. This happens when gdprApplies=1 and there is no consent-string or when there is non-consent for the purposes Smart requires. You will find more information in our Help Center.

Note about TCF v1.1 support

The latest versions of do not support TCF v1 anymore.

CCPA (California)

The California Consumer Privacy Act (CCPA) is a privacy law applying to all residents of California (United States). It has been voted in 2018 and became effective in January 2020.

You can find more information about this law and how to comply with it in the dedicated IAB website.

As for GDPR, the IAB CCPA framework defines a consent string that will be obtained by a CMP and forwarded to all third parties by the SDK.

The CCPA consent string have to be stored in the SharedPreferences on Android and in the NSUserDefaults on iOS, both by using the key IABUSPrivacy_String. Our SDK will get the consent string directly from the SharedPreferences/ NSUserDefaults with the official IAB key.

By using a CMP (compliant with the IAB specifications) you will have nothing to do. On the other hand, if you are using any other CMP that do not respect the IAB specifications, you will have to set the consent string in the SharedPreferences/ NSUserDefaults manually.

By using the code below, you will set the consent string manually:


SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(getContext());
SharedPreferences.Editor editor = prefs.edit();
editor.putString("IABUSPrivacy_String", "1---");
editor.apply();
      

NSString *myConsentString = @"1---";
[[NSUserDefaults standardUserDefaults] setObject:myConsentString forKey:@"IABUSPrivacy_String"];
[[NSUserDefaults standardUserDefaults] synchronize];