GDPR Consent Storage

This all GDPR mess confuses me.

I am keep seeing the consent taken from users should be stored in application own servers. How to handle this ? If I use 3 different ad companies such as Unity Ads, AdMob, AdColony etc… should I store each consent in kind of a server ?

Regards.

1 Like

Hi,

On mobile now, will provide full answer later. We will have opt-out feature in Unity Ads SDK, allowing users to opt out from us collecting personal data, first time an ad is shown on device,

For the situation you are describing with mediators, we are working on a solution which will allow you game developers to ask users for consent. We will share more information soon.

/Rasmus

2 Likes

Hi, thank you for clarification. In Google AdMob Website says

"What records do I need to keep?
Our policy requires that customers retain records of consent. At a minimum, these should include the text and choices presented to users as part of a consent mechanism and a record of the date and time of the user’s affirmative consent."

Unity will store consent choices and dates in their servers ? Even if user delete the app / game ?

1 Like

Thanks a lot for info. In any case you should follow the guidelines for integrating Google Admob.

We implement and apply GDPR regulations based on advice from our legal department at Unity. Our goal and approach is to make it as easy as possible for game developers to integrate Ads SDK into your games, meaning that we implement the functionality to let users decide how we can use their personal data when displaying ads.

Other ad networks likely has different approaches, and you should follow their guidelines when integrating.

Hope it answers your question, in any case thanks for the information.

/Rasmus

2 Likes

Thank you.
My other question is consent options.

AdMob will have 3 options now:

  1. Personalized ad consent
  2. Non-Personalized ad consent
  3. Ad free ( which ridicilous option )

Will Unity Ads have such an option like 'Ad Free", According to GDPR mess you have to have this option, and cannot close app / game if user chooses this option.

Hi,

Please see the sections on opt-out in Privacy Policy Hub. We will provide opt-out option in the endscreen after the ad has been shown, allowing the user to opt out from “behavioral targeting”; we will not be having an “add free” option.

EDIT: We will provide more information for publishers beginning of next week. Please stay tuned

/Rasmus

What will happen to outside of EU ? Will they see consent dialog ?
What happens if I disable my games in EU from app stores ? Should I show consent still ?

Hi, our GDPR related information for publishers is now available on Privacy consent and data APIs

Please note that we don’t ask for consent, but an option for users to opt-out of behavioral targeting, as described on the Publisher GDPR info page.

And yes we will show the same UI for all users. Technically it’s not trivial to reliably detect if a person is citizen of EU, and as we don’t want to collect more information than necessary for displaying ads.

I’m not a lawyer, but seems there are different services offering to detect and block users from EU. Google for “gdpr block eu users” to get some inspiration.

/Rasmus

Wait here - so who’s gonna ask for consent then?

For real? Can’t tell if this is meant seriously or as a joke :hushed:

1 Like

In short, we are taking a different approach than e.g. Google here. We don’t store any other data about the user, than what is needed for showing ads. I.e. we don’t store gender, age, products bought on internet etc. Basically we serve ads, while still respecting users privacy - remember, we’re not evil :slight_smile:

The instructions from our legal team at Unity is that we don’t need user consent, but ofc giving users option to opt out from collecting any personal identifiable data (e.g. IP address and device id), similar to what we already have on game level for COPPA.

If you as publisher want to implement consent in your game, e.g. since you are integrating other networks who requires consent, you can follow the instructions on https://unityads.unity3d.com/help/legal/gdpr, and implement your own UI. But user consent is not required for using Ads SDK in relation to GDPR, we will show UI in the end cards to allow users to opt-out of data collection, showing information about how to get and delete data collected for the user (or rather the device, again as we don’t store “human” information, only information related to the device showing the ad)

Hope it answers your question. If you have more detailed legal question, you are ofc welcome to contact our legal team at gdpr@unity3d.com

Best regards,
Rasmus

PS. No, I don’t think blocking EU users is a joke, but personally I hope GDPR (and recent public data breaches) will mean that companies will actually start to respect peoples privacy, allowing users to have data deleted etc. Probably also users should realize that if a service is free, then you are paying with your information, but that’s a completely different topic…

3 Likes

As I understand we should clearly show the user a message to ask for consent to use personal data, if the player didn’t see the consent (as a pop us message or something like that) and he did not opt-out form collecting IP address and device id, will that be GDPR compliant?

because in the end you are collecting his personal data without a direct-clear approval from him, right?

Hold on, I’ll get someone from our legal team to provide an answer.

/Rasmus

3 Likes

Still waiting for legal to get back. Until then, please see https://unity3d.com/legal/gdpr:

Unity Ads SDK has the necessary opt-out mechanism for users to opt out of behavioral ads targeting. However we’re still working with legal to make the GDPR information page more precise on this particular subject.

Please keep posting questions here on the topic, especially if above isn’t sufficient.

Thanks,
Rasmus

Ok, so I have talked with with legal, and information about our GDPR strategy will go out to publishers via e-mail within few days.

In short, we want to make it as easy as possible for publishers to integrate Ads SDK, so you can focus on building games instead of server side functionality to collect GDPR consent etc, and as said we have a different approach than some other ad networks. However given the subject, legal prefers to be part of the communication. Hope you understand.

Please refer to information in the mentioned e-mail sent from our legal team, and direct question related to GDPR to gdpr@unity3d.com

Thanks,
Rasmus

3 Likes

Ok,

I think I understood the approach to Unity Ads.

What about apps only uses Unity In App Purchases, Unity automatically integrates Unity Analytics when IAP enabled ? How do we get consent for IAP / Analytics while there is no Unity Ads ?

1 Like

There is a plugin for that. Check out this thread in the Unity Analytics forum

https://discussions.unity.com/t/702364

I still cannot see any consent request on Ads. When will this will appear on games? Tomorrow? Is it possible to have a preview of how it will work?

Ok, now it’s visible, but on “minigame” ads the consent shows only if you click on the “i” mini button.

What is this GDPR that i see lately?
I can take data from user by asking them right?
And then what?I get money for this?

It’s a new regulation from the EU (European Union) that lets citizens decide whether an entity is allowed to have access to their personal data. If you’re developing games that require personal information from users within countries that are part of the EU then it’s important you go read up on the law now. It goes into effect today (May 25th, 2018).

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
https://ec.europa.eu/info/law/law-topic/data-protection_en

1 Like