Gdpr - Collecting Consent From End-users & New Sdks For Bb

Discussion in 'Technical Discussion' started by Christoph, May 17, 2018.

  1. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
    @Andy @ZackGriset @TreySmith

    May 25 is the deadline for GDPR and it seems, in my understanding, that we need to ask the user for their consent to collect data or not. Are you guys aware of that? And will we be able to do that in Buildbox directly?

    What collects user data?
    - Game Analytics
    - Heyzap
    - Appodeal
    - all single third party ad providers you can implement directly in Buildbox

    I would appreciate if you guys can help us to understand what is happening and what we'll need. First I thought we can only update our privacy policy. But it seems the consent is an absolute must to be able to provide ads and use analytics.

    If this is the case, I definitely do not want something standardized that looks ugly when a user opens the game for the first time. I would want to have this integrated in my games seamlessly.

    On the other hand, we will need to be able to use all latest SDKs that are compliant with the GDPR for all ad providers within Buildbox and/or through Heyzap/Appodeal which means we would need an update for all those SDKs before May 25th.

    Is this something that is planned already? Or what is the approach by Buildbox? I'm asking this because Buildbox has been always very slow to update external SDKs.

    Interesting links:
    https://blog.appodeal.com/blog/2018/05/16/gdpr-qa-getting-closer-date/
    https://blog.appodeal.com/blog/2018/05/08/appodeal-gdpr-guide/
    https://www.fyber.com/legal/gdpr-faqs/
     
    Last edited: May 17, 2018
    swiftcurrent likes this.
  2. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
    IMG_17052018_175936_0.png
    Not funny lol

    Just got back from Appodeal. They say it is mandatory the user consent. Not because of them, but because of the third party ad networks who all collect personal data.
     
    Benfont likes this.
  3. TreySmith

    TreySmith Administrator Staff Member

    Joined:
    Sep 24, 2015
    Messages:
    294
    Likes Received:
    937
    So, Buildbox does not personally collect data on games you export. We don't collect any personal data on your games, or users, and send them to our servers.

    Obviously 3rd party ad companies do, and each one will probably handle this differently. It's a mess. No one is being clear on it, and everyone is scared to give any legal advice (for good reason).
     
    Last edited: May 17, 2018
  4. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
    From what I understand after researching this the entire day, you basically can not show ads in Europe if you don't ask the end-user for his/her consent.

    For example if you use admob (setup directly in Buildbox) and do not ask the user if he agrees, then you are doing it illegally which is why Admob simply won't deliver ads anymore (because they would be guilty as well if they do deliver).

    This - obviously - is the case for any ad company you can setup directly in Buildbox, including mediators as Heyzap or Appodeal.

    So as long as we don't have a way of asking for consent and send this decision to the ad networks, we won't be able anymore to monetize our games.

    Reading your reply @TreySmith it seems that we won't get an official solution any time soon. Is this correct? I'd definitely need to know because our business depends on it.
     
  5. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
    Some more links:
    Game Analytics: https://gameanalytics.com/gdpr-faq
    Tapdaq: http://support.tapdaq.com/frequently-asked-questions/gdpr-faq

    It seems it is even more complicated with individuals under the age of 16.

    In short, yes, it is a mess. But if the engine we use is not able to help resolve it, then we are in an even bigger mess.
     
  6. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
    Basically what we can do is make an UI that specifies the GDPR compliant information and asks the end-user to agree with it. On this button we can use the URL hook hack we have since some years back and pass the value of consent to the ad network.

    For example in the case of Appodeal they state the following:
     
  7. Wapps1

    Wapps1 Avid Boxer

    Joined:
    Oct 23, 2016
    Messages:
    144
    Likes Received:
    68
    I‘m not sure @Christoph if it is really that hard! I‘m in middle in Europa and i talked a lot with lawyers about the GDPR (because of my daily job)..
    And one think is clear, you are allowed to use and store data to contract fulfillment! (When its not sensitive data like health or religious data.... for sensitive data you must have the Approval of the customer.)
    And a app is also a contract like everything in your daily life (also when you buy a bread at the bakery)

    And you always nead a reason to use the data, in our apps i would say the reason is the contract fulfillment because in a free app the user pays indirectly with watching ads and you need some data for marketing.

    In this case it should be enough to update the privacy policy and maybe give the player the option to read it directly in the app (maybe a link button)

    But i’m no lawyer and it Amazes me something like here Appodeal reacts.. i‘m not sure if they are only afraid of punish and try to roll off responsibility if they get a control from the authority.

    But it’s definitely not easy to figure out as a small game developer.. i think a lawer should check this and give advice.. but i think the big player in this business will do this
     
    Christoph and swiftcurrent like this.
  8. Wapps1

    Wapps1 Avid Boxer

    Joined:
    Oct 23, 2016
    Messages:
    144
    Likes Received:
    68
    And i‘m also not sure if this is the task of the store operator.. because the player should know about the way his data get used before he concludes a contract.. and this would be at the moment the user tabs on the „get“ button in the store...

    To have a general solution i think apple/google have also to handle and give a advice for publishing apps in THERE store!
     
  9. PlayShaft

    PlayShaft Boxer

    Joined:
    Jul 5, 2017
    Messages:
    80
    Likes Received:
    44
    Finally you started talking about it!
    I hope that the BB will make an urgent update when SDK will be released.
     
  10. DariusGuerrero

    DariusGuerrero Moderator Staff Member

    Joined:
    Dec 22, 2016
    Messages:
    460
    Likes Received:
    368
    Here's my personal take on it as a game dev/ publisher, based on my personal interpretation and research, and what I'll do. I'm not saying anyone in this forum emulate this and I'm not saying this in behalf of anyone but myself.

    The consent for non-personalised advertising isn't a requirement from GDPR, but Google's new interpretation of the e-privacy directive from a few years back (the "cookie" law). There's always been an interpretation of the e-privacy directive that doesn't require explicit consent for every cookie you use in your app, which is a thing that has been going on long before, and a lot of our apps haven't had consent forms before.

    Ad companies like MoPub look like they don't need consent for non-personalized ads.

    So, on May 25, I'll turn off serving for personalized ads on EU countries, just to be respectful of their new policy.

    And yes, as far as I know, Google is super cautious of it and they flip flop in their decisions lately. As far as I know, we don't need consent for non-personalized ads. We might need consent to be able to show non-personalized ads using Admob though because Google still collects other data even with non-personalized ads and we might collect consent for them, so in that case, I might consider switching to another ad company for my primary ads in the mean time.

    As for the new SDKs, I'll wait for it to be more clear. Because Google hasn't even finalized theirs yet. And they did say that it's not a guarantee that will make your app GDPR compliant. Even the big Google hasn't prepared for this enough yet.

    While having "consent features" on Buildbox seems like a good idea, we have yet to know what exactly people have to consent to, and what values would be needed to transfer to our ad providers. And we do not know what we'll have to do if the user does not consent to use his/her data for ad serving. Do we exit the app if consent isn't given? Then that will go against GDPR's policy that lack of consent to provide personal data (which includes even stuff like Device IDs and IP addresses now) shouldn't block off any features of the service, unless the personal data is required for that service to work, such as apps with log ins. Does this mean if the user does not give consent in our apps, he/she can use the app ad-free? I didn't think access to my apps was a human right (maybe except for DERE EVIL .EXE on July 4th, which everyone should play *shameless plug*). Does this mean RIP ad monetization?

    On the other hand, I think GDPR contravenes with other existing guidelines. And there are flexible aspects of GDPR such as the "legitimate interest" clause. One interpretation is that serving ads is a legitimate interest for app publishers to make money. Adcolony wouldn't even require consent, and they are betting it all on this clause.

    When the new consent SDKs from the ad providers do roll out, I'll just wait for Buildbox's update on it. And it's not going to go quick, a lot of tests would have to be done.

    Everything's chaotic, because this is a new regulation. Official interpretations aren't out yet, because there haven't been precedents. But, we'll all figure it out. Stuff like this happen every now and then, and I'm sure Boxers will survive in a post-GDPR world.
     
  11. Andy

    Andy Miniboss Boxer

    Joined:
    Sep 24, 2015
    Messages:
    2,152
    Likes Received:
    1,545
    WARNING: I am not a lawyer, This is not legal advice. :)

    IMHO, the 3rd party networks took way too long to account for this in their SDKs, I believe they were given a 2 year warning. Some companies don't even have a compliant SDK available yet.

    In the end, it's the developer/publishers responsibility to make sure the app is compliant. If you are using a 3rd party ad network you should contact them and ask what you need to do to be compliant. If you have any questions about how to implement their specific suggestions or requirements in Buildbox then ask away.

    That said we will be updating SDKs as they are available and we are able to test them over the next few weeks, but It's still your responsibility to make sure your game is compliant in the end.
     
    Sean Buildbox likes this.
  12. PlayShaft

    PlayShaft Boxer

    Joined:
    Jul 5, 2017
    Messages:
    80
    Likes Received:
    44
    And yet, what if I use AdMob as an ad network? Do I disable advertising until an update is released?
     
  13. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
    Well, that's kinda the point. For example Fyber and Appodeal force you to ask for consent. Without it, they won't be able to deliver ads. So we won't be able to mediate now, which means no video rewards at all until this is solved somehow.
    Appodeal already has an SDK, but obviously this is only Unity compatible. For Buildbox I'm not sure if we can get an update. Fyber is probably the same... anybody knows?

    Then is there an ad network that does not gather personal information at all?? I highly doubt it. They all do. Geolocation is already a personal information for example as far as I understood. This shows that if you disable personalized advertising you basically won't have any fills at all, because most campaigns from the ad networks are tailor made for a specific audience. All other ads will give you an ecpm that low you wouldn't even make a dollar even with 1 million impressions (sarcasm).

    And then well, the GA thing is worrying me too. I guess for a couple of months they will do nothing either. But if they start to check your games that would suck.

    As others said, maybe best is just to wait until we see how the big ones change their strategy and ask for consent, then copy this shamelessly. But we definitely need the official Buildbox support here. Alone we couldn't do a thing. I just hope this hasn't a huge impact on our revenue, ad fills and impressions. That would suck big time.
     
    comicsmathias, AaroArts and UpperCat like this.
  14. AaroArts

    AaroArts Miniboss Boxer

    Joined:
    Jun 22, 2016
    Messages:
    1,537
    Likes Received:
    821
    Even if you switch to non-personalised ads, there's a good chance your ads still use cookies to enable frequency capping and other fraud-preventing techniques, so wouldn't be compliant.

    I think Buildbox will need to add Googles Consent SDK for Admob, as consent will be required on every app launch.
    https://developers.google.com/admob/ios/eu-consent

    So for now, maybe it's best to turn off ads completely or only release premium games made solely with Buildbox.
     
    Last edited: May 20, 2018
    Christoph likes this.
  15. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
    I can't do premium games. All my games depends on ads. lol

    Thanks for that link though. Looks very complicated. I'm so in fear to see what will happen May 25th and feel so helpless right now.
     
  16. Christoph

    Christoph Miniboss Boxer

    Joined:
    Oct 4, 2015
    Messages:
    2,808
    Likes Received:
    2,310
  17. PlayShaft

    PlayShaft Boxer

    Joined:
    Jul 5, 2017
    Messages:
    80
    Likes Received:
    44
    Hey! Guys! Share your thoughts? How will you implement the dialogue? As I understand it, Google's SDK is not ready yet. Can anyone have ideas or other ways?
     
  18. DariusGuerrero

    DariusGuerrero Moderator Staff Member

    Joined:
    Dec 22, 2016
    Messages:
    460
    Likes Received:
    368
    @AaroArts based on my understanding, cookies aren't included in the scope of GDPR it's just Google implementing another regulation: The "cookie" law which is when sites ask tell you this sites accept cookies. This law allows a soft opt-in for when you enter the sites though and explicit consent wasn't required. But, as I've said, other companies say "legitimate interest" protects this one. Google however, for some reason, will show personalized ads in the EU by default for some reason. Strange. Should have been the other way around and they shouldn't assume consent.

    And as for the GDPR, it only applies to citizens within the EU. So if they're travelling, the country's laws where they are staying at will apply. If they are transacting business with a US company over the Internet or phone WHILE IN THE EU, then, yes, the GDPR does apply-- territorial scope. If EU citizens are travelling, the local laws apply. If it were the case, then any company in the US would be subject to GDPR just because someone from France, Germany, etc, shows up in the store. Can you imagine the chaos that would create in NYC?

    So, on May 25, either I turn go non-personalized ads in the EU territory or just turn them off in EU territory :)

    But again, this is my own personal understanding and I am not advising anyone else to do the same.
     
    Last edited: May 21, 2018
  19. AaroArts

    AaroArts Miniboss Boxer

    Joined:
    Jun 22, 2016
    Messages:
    1,537
    Likes Received:
    821
    @DariusGuerrero
    Sure. I was only referring to Admob, where Google states "...Ads served by Google can be categorized as personalized or non-personalized, both requiring consent from users in the EEA..."

    So I assume to displaying Ads to Users in the EEA, at least with Admob, purely switching to non-personalised in that region won't be an option.

    But like you I'm not advising anyone.
    I'm sure we'll all have it figured out soon :D
     
    Last edited: May 21, 2018
  20. Astro Games

    Astro Games Avid Boxer

    Joined:
    Nov 15, 2016
    Messages:
    357
    Likes Received:
    190

Share This Page