16 May 2018
Getting your Corona apps ready for GDPR!
Great news Corona developers! Starting with daily build 2018.3286, metrics collected by Corona-made apps are now GDPR safe. We no longer collect any ID’s or data points that would be considered personal data under these data regulations.
- Q. What is GDPR?
- A. GDPR stands for “General Data Protection Regulation“. It’s a law affecting businesses established in the European Union or has end users based in the EU that requires you to get explicit permission from users to collect private data and manage that data. Businesses that don’t comply can face heavy fines.
- Q. What if I want to continue to use a public build or older daily build?
- A. Then you will still need to update your apps and present the user a dialog box asking for permission for Corona to collect data in addition to any other services that you need to also ask permission for.
- Q. What is the best way to know if my user is in the EU?
- A. Because users travel or may use technologies like VPNs, there is no reliable way to determine if a resident of the EU is in the EU. Also, other privacy laws are changing to be more stringent in additional areas. It’s best to ask all users for this permission.
- Q. What do I need to do to get permission from our app users?
- A. There are several steps you need to complete to give your users the opportunity to control their data.
- Present a dialog to your users explaining that you’re using third-party services that collect private data.
- Your dialog can present the user an on/off switch for each service to allow the end user to choose which services they want to grant permission to or decline permission. That switch should default to
offsince the intent is to get “opt-in” from the end user. See the UK’s Information Commissioner’s Office document on GDPR Consent
- Store the settings locally so you can remember their choices. Saving the settings online will require you to store personal data and you would have to ask permission for that.
- On a settings screen, include options to allow the user to select to turn on or off permissions.
- When the user changes their mind, then your app can react to those changes.
- For now, if a user declines to use a service, simply use “if” statements to not initialize the plugin or call any methods of that plugin. If they later change their mind, then you can initialize the plugin and call it’s methods.
- As services update their SDK’s to offer GDPR management API’s and we update our plugins to support them, you can update your apps to add support. As an example, Appodeal’s new SDK will support showing non-targeted ads to users who don’t grant permission and higher quality ads to those who grant permission. There will be a way to let Appodeal’s SDK know if the user has granted permission or not.
- Q. What changes do I need to make to take advantage of a plugin’s GDPR features?
- A. Unfortunately every plugin provider is implementing this in radically different ways. Some will require you to pass a consent parameter on an initialization call, others are handling their own permission, others will have methods in their SDK to manage data. As we update the plugins to be GDPR compliant, we are also updating each plugin’s documentation. There should be a yellow note near the top of each plugin’s page that points you to GDPR additions to be aware of.
- Q. How will I know when a plugin has been updated?
- A. The best way is to check the documentation page and look for the GDPR note at the top of the document.
- Q: Where I can learn more about GDPR compliance?
- A: See the following:
- The EU’s official site – https://gdpr-info.eu/
- Appodeal’s primary GDPR page: https://www.appodeal.com/home/gdpr/
- Appodeal’s GDPR guide – https://blog.appodeal.com/blog/2018/05/08/appodeal-gdpr-guide/
- Appodeal’s Blog – https://blog.appodeal.com/blog/2018/05/16/gdpr-qa-getting-closer-date/
Corona is committed to making sure you can be compliant with these laws. If you have questions about this, please ask in our Community Forums.