Making sure you’re compliant post-GDPR
ironSource are committed to ensuring compliance with GDPR. This means that publishers are able to confidently use the ironSource solution, both as a network and mediation platform, and rest assured that we process user data in accordance with the parameters set out in the GDPR.
When and Why Consent is Required
The bulk of mobile in-game video advertising today is based on techniques and methodologies that are considered by GDPR as ‘legitimate interest’ and therefore does not require user consent. However, some elements of advertising do require a specific consent from users. An example would be personalized ads, which were targeted to users based on a profile of their interests.
In cases where consent is required, the GDPR states that this consent should be communicated to users explicitly for each advertising party. Therefore, in order to legally leverage this kind of data and serve personalized ads, each and every demand source will need to independently collect informed and unambiguous consent from users – either directly or by proxy (such as from the publisher or its mediation solution).
ironSource SDK introduced a client-side API to allow publishers to pass consent to our network or mediation on behalf of their users. We then process this user data accordingly.
Due to a lack of standardization, each network has approached consent collection and management differently. ironSource’s commitment to providing its publishers with a single transparent interface required us to develop unique and specific integrations for every possible implementation from each network.
Below is a list of SDK networks which have adapters for ironSource mediation, and the relevant information regarding their approach to GDPR.
|Amazon||Consent Management Platform (“CMP”)||In order to use GDPR with Amazon Mobile Ad Network, please follow the instructions they provide inside this page, under “Has your SDK been updated for GDPR?”.||https://developer.amazon.com/docs/mobile-ads/mb-faq.html#general–overview|
|Vungle||Consent API||If consent is not requested, Vungle defaults to displaying consent on its own|
|Do not require consent||Facebook manages users on its own. Please advise with your Facebook representative for official information.||https://www.facebook.com/business/gdpr|
|Maio||Do not support consent||Publisher should not target this network for users who are subject for GDPR|
|Server Side Sources||Consent Macro||Work In Process|
Mapping of consent integrated adapters versions per network (Relevant only once using ironSource SDK V6.7.9 and above):
|Network||Earliest consent support adapter version|
|AdMob||4.1.4 (SDK 7.28)||4.1.6 (SDK 12.0.1)||4.1.5|
|Amazon||4.3.0 (SDK 188.8.131.52)||4.3.0 (SDK 5.9.0)||4.3.0|
|AppLovin||4.1.4 (SDK 5.0.1)||4.1.4 (SDK 8.0.1)||4.1.4|
|Chartboost||4.1.2 (SDK 7.2.0)||4.1.2 (SDK 7.2.0)||4.1.3|
|InMobi||4.1.3 (SDK 7.1.1)||4.1.3 (SDK 7.1.0)||4.1.2|
|UnityAds||4.1.1 (SDK 2.1.1)||4.1.1 (SDK 2.1.1)||4.1.1|
|Vungle||4.1.5 (SDK 6.2.0)||4.1.3 (SDK 6.3.17)||4.1.5|
|TapJoy||4.1.1 (SDK 11.12.2)||4.1.1 (SDK11.12.2)
|MoPub||4.1.2 – (SDK 5.2.0)||4.1.3 – (SDK 5.2.0)||4.1.4|
|AdColony||4.1.2 (SDK 3.3.4)||4.1.2 (SDK 3.3.4)||4.1.2 (SDK 3.3.4)|
|HyprMX||4.1.2 (SDK 5.0)||4.1.2 (SDK 5.0)||4.1.2|
|Fyber||4.3.1 (SDK 7.4.0)||4.3.1 (SDK 7.3.3)||4.3.1|
For publishers who prefer not to collect consent, the ironSource solution – both the network and the mediation platform – is built to ensure compliance with the GDPR.
- On the network level, ironSource will serve your users who are subject to GDPR with ads that are non-personalized
- On the mediation level, ironSource is working closely with all the networks to confirm that they too have the technical solution to address serving your users who are subject to GDPR with ads that are not personalized if no consent was provided. Nonetheless, we advise every publisher to reach out to their other networks to receive additional legal assurances