Flurry Monetization and GDPR¶
(updated: April 5, 2018, 11:00AM Pacific)
What is GDPR?¶
The EU General Data Protection Regulation, or GDPR, is a set of requirements generally designed to give people in Europe, or “data subjects”, more protection of and control over their data. The requirements generally apply to all organizations or products: (1) in any location and industry, that process the personal data of data subjects; or (2) that operate out of the EU.
For consumers, GDPR provides new and stronger rights with regard to their data. Once in effect, consumers will generally be able to access their data, edit or correct it, move it, erase it, opt out of certain uses and restrict it from being processed.
For companies, GDPR requires measures to protect personal data and to notify authorities, and possibly data subjects, if there is ever a breach of personal data by those companies or their vendors. It also introduces new transparency and accountability requirements for processing personal data, including clear notice of data collection and type of data use, and to keep records of data processing.
Flurry Ads as a Co-Controller¶
Flurry Ads acts as a co-controller for the purpose of GDPR compliance. Flurry Ads SDK provides consent APIs that a publisher can integrate with, to share end user consent for ads.
SDK will determine the EU jurisdiction for the user if the publisher upgrades to the GDPR compliant version of SDK with no integration of consent APIs. If device IP is not in EU country list that falls under GDPR laws, then ads will be served as usual.
Publisher will determine whether GDPR scope applies to the app or user/ device and if applicable, capture end user consent in IAB EU Transparency Consent Framework format. App will pass two new params to SDK:
isGdprScope - false: not in GDPR scope or true: in GDPR scope
consentStrings - multiple consent strings to keep options open for non-IAB consent strings once Oath Ad systems extend beyond IAB consent string formats. Sample IAB Consent String.
Important: For now, end user consent string must be passed with key name IAB. Anything else will be ignored by ad systems.
Please Note: This is a living document. New details will be added as they become available.