I have been using Unity Ads and the following code to comply with ATT on iOS. However, if I attempt to use Unity Mediation, the MetaData class is no longer available (being a part of Unity.Advertisement). What should I be doing instead?
var status = ATTrackingStatusBinding.GetAuthorizationTrackingStatus();
bool ok = true;
if (Application.platform == RuntimePlatform.IPhonePlayer)
{
Version currentVersion = new Version(Device.systemVersion);
Version ios14 = new Version("14.5");
ok = currentVersion >= ios14;
}
if (status == ATTrackingStatusBinding.AuthorizationTrackingStatus.NOT_DETERMINED && ok)
{
var contextScreen = GameObject.Instantiate(B.instance.contextScreenView);
contextScreen.sentTrackingAuthorizationRequest += () => GameObject.Destroy(contextScreen.gameObject);
if (ATTrackingStatusBinding.GetAuthorizationTrackingStatus() == ATTrackingStatusBinding.AuthorizationTrackingStatus.AUTHORIZED)
{
MetaData gdprMetaData = new MetaData("gdpr");
gdprMetaData.Set("consent", "true");
Advertisement.SetMetaData(gdprMetaData);
}
}
Hi @topcogllc ,
For mediation, you will want to use
MediationService.Instance.DataPrivacy.GetConsentStatusForLaw
and
MediationService.Instance.DataPrivacy.UserGaveConsent
to manage consent for the various laws (including GDPR).
Do not hesitate if you have more questions!
Edit: Apologies I looked at the code below and assumed you were attempting to set GDPR.
Regarding ATT, I am not sure what the appropriate action would be in your case, I will let someone else answer that.
Thanks for reaching out. Regarding how to setup ATT in Unity Mediation, there’s a guide how to set it up here.
After looking at your code, it seems you are mapping consent for ATT directly with GDPR, which are two separate concerns (ATT is a permission enforced by Apple, misuse can lead to a removal from the AppStore or an app being denied from being added to the AppStore for example, GDPR is an EEA jurisdiction law and requires a different form of consent collection). Here is some more information on the topic for example. Due to this, we recommend collecting consent for GDPR and other laws by using a consent collection solution tailored for that given law, just a heads up.
Once you have that collected consent, you can pass it through the Mediation API like so:
I can’t find clear instructions how MediationService.Instance.DataPrivacy.UserGaveConsent should be used. Should it be called before initialization? Or it doesn’t matter?
Sorry for hijacking the thread! This thread was one of the top result for me, while I was googling for more details about these privacy settings.
Yeah, however, there is nothing said when is should be called.
My assumption was, it should be called before initialization, so Mediation SDK can pass it to other SDKs, if needed, before initialize them. But it turns out my assumption was wrong.
If only Mediation is used, the analytics plugin is not a dependency, thus the privacy button is not needed?
The documentation states one-line information a lot, without any context or clarity.
How should we figure out which laws apply? Do we even care to figure out specifically?
Ideally this should be solved by the Core Services package in a uniform and compliant way.
What I would love to see
As privacy applies to all these cloud based services, it would make more sense to provide them as their own API within Core, to be called before the rest of the stack is initialized.
It would be fantastic if it could just determine which laws apply to a user, but personally I prefer the “Consent is Consent” and just apply all consents to all laws.
Move the privacy button to core, or add it as a privacy plugin service?
Without consent none of these services should activate, this should be enforced on the API level so that it is always clear.
If Consent status is known, the services can spin up (or stay inert without errors) accordingly.
This makes everything clean, clear and opt-in. If it does not run until it is allowed to by user / developer, maximum compliance is reached out of the box.
Just make a clear note in the documentation
Ideally something like this:
Create Privacy instance
Check for existing consent, if unknown, raises the AskForConsent callback and waits for async task with the Accept / Decline information
Initialization requires the Privacy instance, this informs all services
On runtime if you offer the user a way to change consent status, changing the consent status in the Privacy instance will also trigger the appropriate callbacks in all the services (it will also unload and load services as allowed by the new consent status)
For clarity, Unity Mediation provides an API to pass privacy consent signals for two reasons:
To provide consent signals for header bidding (a new type of waterfall line item)
To pass consent to the downstream ad network SDKs
If you do not provide the consent signals, header bidding will default the ads as contextual where jurisdictions have privacy laws enforced. As for the downstream ad network SDKs (MetaAudienceNetwork, Admob, etc), they will collect consent themselves separately. Unity Mediation will still work without these consent signals, but will most likely generate somewhat less revenue.
With that, to answer your questions:
To tie in with what I mention above, passing any signals, either with the use of a button or otherwise is not needed, but can be beneficial to revenue.
Which laws apply is a complex issue that requires a complex solution, which is why we recommend using consent collection solutions, like Funding Choices for example for the time being. We are actively working on providing a consent collection solution that works well with our products as well as inside of the Unity Editor. We really appreciate your feedback, I’ve shared your thoughts and ideas with the privacy team, and I’ll alert this thread once our Privacy product is publicly available.