ironSource Consent API under the GDPR
Updated: July 10th, 2022
When and Why Consent is Required
There are two different legislations in the EU regulating when consent should be obtained from end-users.
General Data Protection Regulation (GDPR)
The GDPR requires that a controller will establish a legal basis for processing personal data. ironSource’s ad network mostly relies on its legitimate interest to serve ads based on contextual parameters and interactions with our ads. We also use legitimate interest to detect and prevent fraud, and to share device identifiers with attribution companies, so advertisers can attribute to us app installs.
Other ad networks, and DSPs connected to ironSource’s ad exchange (iSX), may serve, in addition to contextual ads, also ads based on the interests and characteristics of end users. Such ad networks, and DSPs would usually rely on consent as their legal basis. If you use LevelPlay, you can choose to communicate to such ad networks (if supported) the consent value, as explained below.
Please note that the consent, and transparency requirements of the GDPR require you to name the controllers relying on the consent you obtain. Please see the list of ad networks that support our consent API below, and the list of DSPs connected to iSX here: https://developers.is.com/ironsource-mobile/general/ironsource-exchange-programmatic-partners/.
Privacy Directive
The ePrivacy Directive, as implemented by EU member states, generally requires consent to be obtained for the purpose of storing, accessing, or transmitting information from an end user’s device. The vast majority of ad networks, including ironSource’s ad network, rely on accessing certain device data in order to perform their basic functionalities. Accordingly, you must make sure that you properly obtain the end user consent for accessing and transmitting its device data prior to initializing any third party SDK, including LevelPlay, and ironSource ad network. If a consent is not obtained, you should not initialize the ironSource SDK.
Settings for Underaged Users
If you need to apply settings for underaged users, please refer to our Child Directed Apps article here: https://developers.is.com/ironsource-mobile/general/ironsource-mobile-child-directed-apps/#step-1.
Also, for Android devices, if necessary (for example, compliance with Google Play’s Designed for Families policy), please also read the following articles:
Consent Support
ironSource SDK introduced a client-side API to allow publishers to pass consent to DSPs connected to iSX, and to LevelPlay on behalf of their end users.
Due to a lack of standardization, each ad network has approached consent collection and management differently. Our commitment to providing our publishers with a single transparent interface required us to develop unique and specific integrations for every possible implementation from each ad network.
Below is a list of SDK ad networks which have adapters for LevelPlay, and the relevant information regarding their approach to GDPR:
| Network | Solution | Comments | Reference |
| AdColony | Consent API | https://www.adcolony.com/gdpr/ | |
| Vungle | Consent API | If consent is not requested, Vungle defaults to displaying consent on its own | |
| AppLovin | Consent API | https://www.applovin.com/gdprfaqs/ | |
| InMobi | Consent API | https://support.inmobi.com/monetize/faqs/migrating-to-sdk-710-gdpr-compliant/ | |
| Chartboost | Consent API | https://answers.chartboost.com/en-us/articles/115001489613 | |
| UnityAds | Consent API | https://unity3d.com/legal/gdpr | |
| MoPub | Consent API | https://www.mopub.com/resources/gdpr-faq/ | |
| AdMob | Consent SDK | https://support.google.com/admob/answer/7666366 | |
| Tapjoy | Consent API | https://dev.tapjoy.com/sdk-integration/#if_a_user_from_a_country_that_is_not_covered_by_gdpr_does_not_consent_or_withdraws_consent_would_tapjoy_limit_advertising_to_non-interest-based_ads_for_such_a_user | |
| Meta Audience Network | Do not require consent | Meta manages users on its own. Advise with your Meta representative for official information | https://www.facebook.com/business/gdpr |
| HyprMX | Consent API | ||
| Maio | Do not support consent | Publisher should not target Maio for users who are subject to GDPR | |
| Digital Turbine | Consent API | https://www.fyber.com/legal/gdpr-faqs/ | |
| Server Side Sources | Consent Macro | Work in progress |
Mapping of consent integrated adapters versions per network (relevant only once using ironSource SDK V6.7.9 and above):
| Network | Earliest consent support adapter version | ||
| iOS | Android | Unity | |
| AdMob | 4.1.4 (SDK 7.28) | 4.1.6 (SDK 12.0.1) | 4.1.5 |
| AppLovin | 4.1.4 (SDK 5.0.1) | 4.1.4 (SDK 8.0.1) | 4.1.4 |
| Chartboost | 4.1.2 (SDK 7.2.0) | 4.1.2 (SDK 7.2.0) | 4.1.3 |
| InMobi | 4.1.3 (SDK 7.1.1) | 4.1.3 (SDK 7.1.0) | 4.1.2 |
| UnityAds | 4.1.1 (SDK 2.1.1) | 4.1.1 (SDK 2.1.1) | 4.1.1 |
| Vungle | 4.1.5 (SDK 6.2.0) | 4.1.3 (SDK 6.3.17) | 4.1.5 |
| TapJoy | 4.1.1 (SDK 11.12.2) | 4.1.1 (SDK11.12.2) | 4.1.1 |
| MoPub | 4.1.2 – (SDK 5.2.0) | 4.1.3 – (SDK 5.2.0) | 4.1.4 |
| AdColony | 4.1.2 (SDK 3.3.4) | 4.1.2 (SDK 3.3.4) | 4.1.2 (SDK 3.3.4) |
| HyprMX | 4.1.2 (SDK 5.0) | 4.1.2 (SDK 5.0) | 4.1.2 |
| Digital Turbine | 4.3.1 (SDK 7.4.0) | 4.3.1 (SDK 7.3.3) | 4.3.1 |
| Liftoff | 4.3.0 (SDK 1.8.0) | 4.3.0 (SDK 1.3.0) | 4.3.0 |
| Meta Audience Network | All versions | ||
| Maio | All versions | ||
| MediaBrix | All versions | ||