ironSource Consent API under the GDPR
Updated: March 7, 2021
When and Why Consent is Required
There are two different legislations in the EU regulating when consent should be obtained from end-users.
General Data Protection Regulation (GDPR)
The GDPR requires that a controller will establish a legal basis for processing personal data. ironSource’s ad network mostly relies on its legitimate interest to serve ads based on contextual parameters and interactions with our ads. We also use legitimate interest to detect and prevent fraud, and to share device identifiers with attribution companies, so advertisers can attribute to us app installs.
Other ad networks may serve, in addition to contextual ads, also personalized ads based on the interests and characteristics of end users. Such ad networks would usually rely on consent as their legal basis. If you use ironSource’s mediation, you can choose to communicate to such ad networks (if supported) the consent value, as explained below.
The ePrivacy Directive, as implemented by EU member states, generally requires consent to be obtained for the purpose of storing, accessing, or transmitting information from an end user’s device. The vast majority of ad networks, including ironSource’s ad network, rely on accessing certain device data in order to perform their basic functionalities. Accordingly, you must make sure that you properly obtain the end user consent for accessing and transmitting its device data prior to initializing any third party SDK, including ironSource mediation, and ironSource ad network. If a consent is not obtained, you should not initialize the ironSource SDK.
ironSource SDK introduced a client-side API to allow publishers to pass consent to our mediation on behalf of their end users.
Due to a lack of standardization, each ad network has approached consent collection and management differently. Our commitment to providing our publishers with a single transparent interface required us to develop unique and specific integrations for every possible implementation from each ad network.
Below is a list of SDK ad networks which have adapters for ironSource mediation, and the relevant information regarding their approach to GDPR:
|Amazon||Consent Management Platform (“CMP”)||To use GDPR with Amazon Mobile Ad Network, follow the instructions under “Has your SDK been updated for GDPR?”||https://developer.amazon.com/docs/mobile-ads/mb-faq.html#general–overview|
|Vungle||Consent API||If consent is not requested, Vungle defaults to displaying consent on its own|
|Do not require consent||Facebook manages users on its own. Advise with your Facebook representative for official information||https://www.facebook.com/business/gdpr|
|Maio||Do not support consent||Publisher should not target Maio for users who are subject to GDPR|
|Server Side Sources||Consent Macro||Work in progress|
Mapping of consent integrated adapters versions per network (relevant only once using ironSource SDK V6.7.9 and above):
|Network||Earliest consent support adapter version|
|AdMob||4.1.4 (SDK 7.28)||4.1.6 (SDK 12.0.1)||4.1.5|
|Amazon||4.3.0 (SDK 18.104.22.168)||4.3.0 (SDK 5.9.0)||4.3.0|
|AppLovin||4.1.4 (SDK 5.0.1)||4.1.4 (SDK 8.0.1)||4.1.4|
|Chartboost||4.1.2 (SDK 7.2.0)||4.1.2 (SDK 7.2.0)||4.1.3|
|InMobi||4.1.3 (SDK 7.1.1)||4.1.3 (SDK 7.1.0)||4.1.2|
|UnityAds||4.1.1 (SDK 2.1.1)||4.1.1 (SDK 2.1.1)||4.1.1|
|Vungle||4.1.5 (SDK 6.2.0)||4.1.3 (SDK 6.3.17)||4.1.5|
|TapJoy||4.1.1 (SDK 11.12.2)||4.1.1 (SDK11.12.2)||4.1.1|
|MoPub||4.1.2 – (SDK 5.2.0)||4.1.3 – (SDK 5.2.0)||4.1.4|
|AdColony||4.1.2 (SDK 3.3.4)||4.1.2 (SDK 3.3.4)||4.1.2 (SDK 3.3.4)|
|HyprMX||4.1.2 (SDK 5.0)||4.1.2 (SDK 5.0)||4.1.2|
|Fyber||4.3.1 (SDK 7.4.0)||4.3.1 (SDK 7.3.3)||4.3.1|