1. What is MoPub’s approach to the GDPR?

MoPub, a division of Twitter, Inc. and Twitter International Company, complies with current EU data protection law, and will comply with GDPR. We understand that our publisher partners and advertising demand partners all have a requirement to comply with the Regulation. MoPub cannot advise you as to whether you are GDPR compliant. However, MoPub has publishers and advertisers that span the globe, so we are working to ensure that our services comply with GDPR, and that these partners can continue to use the MoPub Services after GDPR takes effect on 25 May 2018. Partners should review our Privacy Policy, our Policies for publisher partners and advertising demand partners, and our Terms of Service, which will be updated, before continuing to use the MoPub Services after the GDPR comes into effect.

2. How does MoPub comply with the legal requirements for transferring data?

Our services are designed to connect publishers and advertisers around the world. As a global service, we have developed global data practices designed to ensure that our customers’ information is protected. Twitter International Company, an Irish commercial entity, is the controller of our data outside of the U.S., so if you are outside of the U.S. and you share data with MoPub, you share it with Twitter International Company. Today, Twitter International Company processes data in accordance with applicable Irish law and after 25 May 2018, it will do so in compliance with both the GDPR and Irish domestic law.  Additionally, Twitter International Company has Data Transfer and Processing Agreements with Twitter, Inc., in the U.S., and its affiliates, which allow Twitter, Inc., to process personal data.

Twitter, Inc., is also certified under the Privacy Shield framework. For additional information, please review Twitter’s Global Operations and Data Transfer information.

3. Is MoPub a data controller or a data processor?

MoPub, as a division of Twitter, Inc. and Twitter International Company, is the controller of the data we use as part of the MoPub Services.  We use that data in accordance with our Privacy Policy.

MoPub’s controller activities are determined by the Terms of Services and our Privacy Policy, both of which will be updated accordingly before 25 May 2018, and will be made available for your review prior to that date.

4. MoPub products after May 25, 2018

A. Will the MoPub Software Development Kit obtain consent for MoPub’s processing of personal data?

MoPub will release an updated Software Development Kit (SDK) before May 25, 2018.  By default, the updated SDK will obtain consent from users located in the European Economic Area, the United Kingdom, and Switzerland for the processing of personal data by MoPub and our partners (including advertising demand partners, supported advertising mediation partners, data partners, and fraud and measurement partners) for personalized advertising purposes. Some publisher partners may be allowed to obtain consent on behalf of MoPub and our partners through their own consent solution if they agree to additional terms

B. I’m a publisher. What happens if I don’t update my apps to the new SDK?

To provide continuity of our services to our publisher partners and give your users sufficient time to update their apps to versions using our latest SDK, we will continue to support older versions of the SDK during a short transition period. During this time, older versions of the SDK will continue to collect personal data. However, in order to protect your users’ privacy, we will not store, use, or share such personal data, and we will only return contextual ads to your users in the European Economic Area, the United Kingdom, and Switzerland. After this transition period, we will no longer serve ad requests from older versions of the SDK in GDPR applicable regions.

C. What will the MoPub SDK’s consent solution look like, and when will the user see it?

We’ve designed the MoPub SDK consent solution to be a publisher-friendly and out-of-the-box compliance solution. As a publisher partner, you will be able to decide when to show the consent request to your users in your app. Here is what it will look like to your users:


D. What happens if the user does not consent?

If the user does not consent, we will not collect personal data such as the user’s advertising identifier, precise location, or interest or demographic information such as age and gender. We may still receive data such as the user’s IP address for limited purposes based on separate legal grounds for processing, such as legal necessity or legitimate interests.  Our Privacy Policy, which will be updated and available for review before May 25, 2018, will explain our legal bases for processing in further detail.

E. Can the user withdraw consent?

Yes, the user will be able to withdraw consent at any time, as required by GDPR. Publishers who are allowed to use their own consent solution must also provide users with a GDPR-compliant withdrawal of consent mechanism. In addition, all users in the EEA, the UK, and Switzerland will be able to signal their withdrawal of consent to MoPub by enabling the Limit Ad Tracking setting on iOS devices or the Opt out of Personalized Ads setting on Android devices and revisiting an app that has integrated the MoPub SDK. In each case, MoPub will also share the fact that the user has withdrawn consent with our current partners so that they, as independent controllers of that data, can also respect the user’s choice.

5. What terms are going to be updated?

MoPub will be updating various terms, including our Privacy Policy, our Policies for publisher partners and advertising demand partners, and our Terms of Service,

6. Is there a map of MoPub data that can be shared?

While we don’t have a map of MoPub data we can share publicly, our Privacy Policy describes how we collect, store, use, and share personal data.  Please note that our Privacy Policy will be updated ahead of 25 May 2018 to be GDPR compliant.

7. Which mediation network partners is MoPub getting consent for?

MoPub collects consent on behalf of many of our mediation partners. We will share the consent via adapters and publishers will need to update to (1) the GDPR supported network adapters, (2) the GDPR supported SDK, and (3) GDPR supported network SDK. Please see our Supported Mediation Partners page for more information on which networks we currently collect consent for. For networks that we are not collecting consent for, publishers should work directly with the network to understand their obligations to comply with GDPR.

Updated: April 2020