GDPR: Get Your Mobile Apps Ready

Why should you read this article ?
Because you’ll get tips on getting mobile apps ready for GDPR, which goes into effect on May 25, 2018.

GDPR will go into effect on Friday. Here are a few reminders to help you get ready!

How does GDPR impact mobile app advertising?

Under GDPR, the use of mobile advertising IDs and other personal data will be restricted to users who have explicitly given their consent. In the mobile app environment, the IDFA / Advertising ID / Lat-long are the typical types of personal data that will require consent from the user before being processed by any vendor.

The consent information needs to be stored and transmitted throughout the advertising ecosystem as presented in the illustration below.


Source, IAB Europe, Presentation, March 8th 2018

What is “consent” according to GDPR?

Key principles

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

-The data subject has the right to withdraw his or her consent at any time

-The controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data

What GDPR solutions and guidelines has the IAB published?

The IAB has released the Advertising Industry’s Transparency & Consent Framework, which provides a technical industry solution allowing website operators and mobile app providers to

-Control the vendors they wish to allow to access their users’ browsers or apps and process their personal data, and disclose these choices to other parties in the online advertising ecosystem

-Seek user consent under the ePrivacy Directive (for setting cookies or similar technical applications that access information on a device) and/or the GDPR in line with applicable legal requirements, and signal the consent status through the online advertising ecosystem

In that regard, the IAB framework recommends actors implement a Consent Management Provider (CMP). A CMP provides publishers and advertisers with a mechanism to obtain consent, and then control which third-party vendors can request consent to track users of their websites and apps.

How can app developers comply with GDPR within the Framework of the IAB ?

iOS apps

Choose a CMP. The list of IAB approved CMPs is here.

Smart has developed an open source CMP SDK for iOS. 

Upgrade application advertising SDK.

For Smart customers: Display SDK version 6.9 & Instream video SDK version 1.2.0

Before May 25th 

Android apps

Choose a CMP. The list of IAB approved CMPs is here.

Smart has developed an open source CMP SDK for Android.

Before May 25th 

What are the benefits of the Smart Mobile App CMP?

-Free of charge

-Open source CMP

Native solution to offer optimized time load and user experience

Independent from our Display and Instream SDK

Compliant with IAB Transparency & Consent Framework specifications

Where can you find the Smart Open Source Mobile CMP? 


Android CMP

What are the risks for app publishers who DON’T implement a CMP and DON’T collect consent for each vendor involved?

The CMP aims at providing a complete solution to ensure full compliance with GDPR by enabling user consent management for every involved vendor. Publishers need to be aware of that when making their choice (or when implementing their consent management solution).

Our legal manager Karine Laye shares the following insight:

“When a publisher acts as Data “controller”, he is responsible for the collection of a valid consent, explicit and freely given from its users. Every user should then be able to freely accept the processing of their  data by being clearly informed. The user has the right to know who accesses their data, and for what purposes. A user shouldn’t accept that http calls containing its user identifier are transmitted to all third party partners of a single vendor without being previously informed by the publisher. This topic is particularly sensitive for mobile apps because mobile user ID are more persistent than cookies.”


Related News

We deliver scoop on the latest in ad tech! Get news, tips and thought leadership focused on programmatic, quality, mobile, video, gaming, innovative formats, ad serving, quality and more. Smart covers it all!