1. What is MoPub’s approach to the GDPR?
2. How does MoPub comply with the legal requirements for transferring data?
Our services are designed to connect publishers and advertisers around the world. As a global service, we have developed global data practices designed to ensure that our customers’ information is protected. Twitter International Company, an Irish commercial entity, is the controller of our data outside of the U.S., so if you are outside of the U.S. and you share data with MoPub, you share it with Twitter International Company. Today, Twitter International Company processes data in accordance with applicable Irish law and after 25 May 2018, it will do so in compliance with both the GDPR and Irish domestic law. Additionally, Twitter International Company has Data Transfer and Processing Agreements with Twitter, Inc., in the U.S., and its affiliates, which allow Twitter, Inc., to process personal data.
Twitter, Inc., is also certified under the Privacy Shield framework. For additional information, please review Twitter’s Global Operations and Data Transfer information.
3. Is MoPub a data controller or a data processor?
4. MoPub products after May 25, 2018
Will the MoPub Software Development Kit obtain consent for MoPub’s processing of personal data?
MoPub will release an updated Software Development Kit (SDK) before May 25, 2018. By default, the updated SDK will obtain consent from users located in the European Economic Area, the United Kingdom, and Switzerland for the processing of personal data by MoPub and our partners (including advertising demand partners, supported advertising mediation partners, data partners, and fraud and measurement partners) for personalized advertising purposes. Some publisher partners may be allowed to obtain consent on behalf of MoPub and our partners through their own consent solution if they agree to additional terms.
I’m a publisher. What happens if I don’t update my apps to the new SDK?
To provide continuity of our services to our publisher partners and give your users sufficient time to update their apps to versions using our latest SDK, we will continue to support older versions of the SDK during a short transition period. During this time, older versions of the SDK will continue to collect personal data. However, in order to protect your users’ privacy, we will not store, use, or share such personal data, and we will only return contextual ads to your users in the European Economic Area, the United Kingdom, and Switzerland. After this transition period, we will no longer serve ad requests from older versions of the SDK in GDPR applicable regions.
What will the MoPub SDK’s consent solution look like, and when will the user see it?
We’ve designed the MoPub SDK consent solution to be a publisher-friendly and out-of-the-box compliance solution. As a publisher partner, you will be able to decide when to show the consent request to your users in your app. Here is what it will look like to your users:
For a high resolution version of the image, please click here.
What happens if the user does not consent?
Can the user withdraw consent?
Yes, the user will be able to withdraw consent at any time, as required by GDPR. Publishers who are allowed to use their own consent solution must also provide users with a GDPR-compliant withdrawal of consent mechanism. In addition, all users in the EEA, the UK, and Switzerland will be able to signal their withdrawal of consent to MoPub by enabling the Limit Ad Tracking setting on iOS devices or the Opt out of Personalized Ads setting on Android devices and revisiting an app that has integrated the MoPub SDK. In each case, MoPub will also share the fact that the user has withdrawn consent with our current partners so that they, as independent controllers of that data, can also respect the user’s choice.
5. What terms are going to be updated?
6. Is there a map of MoPub data that can be shared?
7. Which mediation network partners is MoPub getting consent for?
We will be obtaining consent on behalf of AppLovin, AdColony, Chartboost, ironSource, Tapjoy, Unity, and Vungle. We will share the consent via adapters and publishers will need to update to (1) the GDPR supported network adapters, (2) the GDPR supported SDK, and (3) GDPR supported network SDK. We are not getting consent on behalf of Facebook, AdMob, Flurry, or One by AOL. For networks that we are not getting consent for, publishers should work directly with the network to understand their obligations to comply with GDPR.Updated: December 2018