Quick Links: Download Gideros Studio | Gideros Documentation | Gideros community chat | DONATE
Gideros and GDPR? - Page 3 — Gideros Forum

Gideros and GDPR?

135

Comments

  • simwhisimwhi Member
    Hi guys,

    It would be great to get some feedback about my temporary fix to only show NPAs.

  • SinisterSoftSinisterSoft Maintainer
    Possibly the only thing to do. Do you know though if that flag is ignored by the provider if the user isn't in Europe?
    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
  • simwhisimwhi Member
    edited June 2018
    @SinisterSoft I think the flag just sets NPA regardless of location.

    I don't get any banner ads either.
  • SinisterSoftSinisterSoft Maintainer
    No I mean - internally to the ads system - if they check ip and ignore that flag if outside the EU.
    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
  • simwhisimwhi Member
    edited June 2018
    I don't think it ignores non EU countries. Could find and explicit answer, though.

    This thread was interesting.

    https://www.badlogicgames.com/forum/viewtopic.php?f=11&t=27786&start=10

    If we could have a Lua call to set for NPA / personalised ads, I think that would be a great start.

    Likes: dreiko65

    +1 -1 (+1 / -0 )Share on Facebook
  • simwhisimwhi Member
    edited June 2018
    For Admob, could we add an extra parameter to this method for simplicity?:
    public void setKey(final Object parameters){
    	SparseArray param = (SparseArray)parameters;
    	adsID = param.get(0);
     
            if(param.get(1) != null)  //the second is the appid required by the api
            {
                appID = param.get(1);
                MobileAds.initialize(sActivity.get().getApplicationContext(), appID);
            }
        }<
    /pre>

    Likes: SinisterSoft

    +1 -1 (+1 / -0 )Share on Facebook
  • SinisterSoftSinisterSoft Maintainer
    Under GDPR I don't think you are allowed to block if they don't agree. Do a block wall could actually be worse - eg agree or you don't play.
    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
  • simwhisimwhi Member
    edited June 2018
    @SinisterSoft I'm not sure about the legal side to be honest. If we can provide an NPA parameter then we can display a consent screen before they use the app.
  • simwhisimwhi Member
    We also need to find a reliable way to get the user location.
  • simwhisimwhi Member
    @SinisterSoft We don't want to block users. I agree that would not be good.
  • SinisterSoftSinisterSoft Maintainer
    No, but if you get consent you also need a way or removing the data in the future and also delivering them all the data you have.
    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
  • jdbcjdbc Member
    edited June 2018
    Removed Chartboost account and unpublished all games with Ads for the moment. Anyway I do not got any money, there is no reason to take the risk of a fine.

    There is no way to follow GPDR using Ads in my opinion. I have to provide a way to provide personal user data, but I do not manage any data. This is an stupid law.

    Likes: SinisterSoft

    +1 -1 (+1 / -0 )Share on Facebook
  • simwhisimwhi Member
    @SinisterSoft Sure. We don't want consent from EU users for the very point that you made in your post.

    What are our options:
    -We could remove our free apps from EU countries.
    -We could just provide NPA ads to EU countries. Most of our downloads are from outside of the EU.

    We have removed all ads/analytics from all of our apps. We need to find some solution as our revenue has significantly dropped.

  • SinisterSoftSinisterSoft Maintainer
    I think that currently it's crazy and the tools are not in place (forget info and retrieve info) from the ads providers. I also wonder why people would not want personalised ads vs impersonal ads - as long as that personal data isn't sold on.

    All the EU should have done is make a law that data gathered for personal ads cannot be sold on before being anonymised. Then nobody would have any problem at all.
    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
  • simwhisimwhi Member
    @SinisterSoft I totally agree that is crazy.

    Currently, we are not making any revenue in our apps. This revenue is fairly significant to us. What is the situation with other Gideros developers? Have you removed all advertising?

    Are there any solutions that we can implement so that we can serve ads that are either NPA in the EU and personalised elsewhere, or any other ideas?

    Our downloads are mainly outside of the EU.
  • SinisterSoftSinisterSoft Maintainer
    I think that most people are not worrying about it right now, so they are keeping things the way they were before. Don't forget some people may choose not to update to your latest version - so technically you are collecting their data now by them using an old version.

    Likes: antix

    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
    +1 -1 (+1 / -0 )Share on Facebook
  • simwhisimwhi Member
    @dreiko65

    Thanks for that. How would we implement the consent SDK with Gideros? After looking at the developer documentation (https://developers.google.com/admob/android/eu-consent), it looks like you have to implement it in the main activity of the Android app. Or could the Admob plugin deal with this? Any advise would be greatly appreciated.
  • simwhisimwhi Member
    FYI: I have managed to get the consent form code as outlined in google developer docs. Everything compiles and the APK works on a device. However, the form is not shown. I think it has something to do with the activity/view.

    How can be display a form over the main activity for Gideros?

    Any help would be much appreciated. I will also share my solution to anyone that is interested.

    Out of interest, does anyone on the forum use admob?

    Cheers

    Si
  • antixantix Member
    I use admob because I have got it working and am too lazy to use anything else :)

    Likes: oleg

    +1 -1 (+1 / -0 )Share on Facebook
  • simwhisimwhi Member
    Hi @antix @SinisterSoft @jdbc @totebo @hgy29 @MobAmuse

    Is anyone concerned about GDPR?

    For us, as a small business with some reasonable app success, we think that this legal requirement is really important to all developers.

    We decided to remove all ads from our games until we can be fully GDPR compliant. This decision has dramatically reduced our monthly income.

    I have managed to get the admob plugin to show only NPA ads (only interstitial ads) but it's not enough to be completely compliant. Our understanding is that users need to explicitly consent.

    I think the admob consent SDK needs to be a implemented as a plugin so that consent can be queried and changed (by the user) at any time. The admob plugin will also need to be updated to show ads that a user has consented to.

    An outline of a solution using the admob consent SDK:

    1. Query if a user is in the EEA.
    - If a user is not in the EEA then no consent is required. The consent SDK has a
    method that can determine a user's location.
    - For developers with a lot of users outside of the EEA your apps will continue to
    show personalised ads.

    2. Query if a user has given consent (PA, NPA, UNKNOWN)
    - The consent SDK can track users consent. A developer does not need to store any
    consent permissions.

    3. Present the consent form to user to agree to
    - The consent SDK determines which ad providers you use and then it presents this
    information to the user. Developers do not need to provide text (multiple languages)
    for this other than your own privacy policy URL.
    - The admob console is used to configure which ad providers you use.
    - A publisher key is required to query consent.

    4. Allow a user to change consent.
    - By law, a user has the right to opt-in / opt-out at any point
    - For users affect by GDPR, the consent form provides privacy links for each ad
    provider. These links should provide information about the right to be forgotten
    etc.

    The outline presented above is based on our knowledge. We would really like to have an open discussion on how it affects other developers as well as coming up with a solution that will benefit everyone.

    We really appreciate the massive effort that goes into maintaining Gideros and are more than happy to help and test any solution.

    Thanks,

    Simon
  • SinisterSoftSinisterSoft Maintainer
    edited June 2018
    Simon, a link to the ads providers page re the right to be forgotten won't be enough - if the ads providers have implemented this (I don't think any have) simply going to the providers site via a link won't be enough - your app's advert user id is anonymised by your phone so that the actual identity can't be tracked already - so how can the user tell the ads company to forget the information?

    Also there is no method to retrieve the information in a machine readable form and give it to the user - no ads provider has provided this api command yet.

    For now I think the best solution (for admob) is to query the location of the user, then if within the EU, request non personal ads. No need to ask them the question or not.
    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
  • hgy29hgy29 Maintainer
    Hi Simon,

    I personnaly decided to not care that much about GDPR about games since I roughly earn -100$/year with games (yeah notice the minus sign). It is kind of obvious that EU regulators won't look too close at my business...

    Anyhow I understand your concerns, but even if you do what you suggests it won't be enough: you have to give a way to your users to delete the data collected. You could tell them that they can conact you to remove the personal data you collected, but can you actually ask google/admob to remove private data collected for a particular user ?

    IMHO, and if ads are your only source of income, you'd better just display a warning to users telling them that the ads system collects anonymized usage data and if they don't agree they shall quit the app immediately. That doesn't solve the right to delete private data though...
    +1 -1 (+2 / -0 )Share on Facebook
  • SinisterSoftSinisterSoft Maintainer
    I personally think that soon it will all blow over and basically be like the cookie consent law - that most companies ignore completely OR new commands will be added to advert apis so that data can be forgotten and also data can be retrieved (once the EU gets a big fish with a fine!).

    Likes: antix

    Coder, video game industry veteran (since the '80s, ❤'s assembler), arrested - never convicted hacker (in the '90s), dad of five, he/him (if that even matters!).
    https://deluxepixel.com
    +1 -1 (+1 / -0 )Share on Facebook
  • simwhisimwhi Member
    hgy29 said:

    Just to clarify, Gideros has no internal issue with GDPR, since you are not required to show ads nor to collect analytics. But to ease things a bit maybe gideros could be modded so as to enable/disable plugins at run time.
    That way the developer could prompt the user for consent before enabling ads and analytics (or anything else).

    However I bet most users will say no to ads and analytics...

    @hgy29 Would it be possible to implement the following opt-in options for Firebase?

    https://firebase.google.com/support/privacy/

    Scroll down to: Guides for enabling opt-in for end-user personal data processing

    Crashlytics: Enable Opt-in Reporting
    Crash Reporting: Enable Opt-in Reporting
    Performance Monitoring: Enable Opt-in Monitoring
    Analytics: Disable Analytics Collection
  • I am making a custom GDPR consent form for my game. I give two options, you can either chiose to see relevant ads or just buy the ad free version. Is this a good approach? Do I have to also give the option for less relevant ads? The point is that by watching rewarded ads you get free hints. Obviously the text is going to change to explain my privacy policy and stuff. Also some google links are going to be added.
    Screenshot_2018-08-12-13-25-45.png
    1440 x 2560 - 406K
  • Apollo14Apollo14 Member
    edited August 2018
    dreiko65 said:

    I am making a custom GDPR consent form for my game. I give two options, you can either chiose to see relevant ads or just buy the ad free version. Is this a good approach? Do I have to also give the option for less relevant ads? The point is that by watching rewarded ads you get free hints. Obviously the text is going to change to explain my privacy policy and stuff. Also some google links are going to be added.

    Make fields "I'm over 18"&"Show relevant ads" pre-checked.

    It seems like you really want user to read everything and think about it.
    It should look like a standard boring "privacy policy" that everybody skips everytime.
    Top app publishers do it like that (they consider it as design flaw when something's making user think too much).

    Likes: oleg

    > Newcomers roadmap: from where to start learning Gideros
    "What one programmer can do in one month, two programmers can do in two months." - Fred Brooks
    “The more you do coding stuff, the better you get at it.” - Aristotle (322 BC)
    +1 -1 (+1 / -0 )Share on Facebook
  • @Apollo14 thanks for your feedback. What you suggested is quite easy to be done. Although my concern is if this is a "legal" and proper way to ask for consent.
  • dreiko65 said:

    @Apollo14 thanks for your feedback. What you suggested is quite easy to be done. Although my concern is if this is a "legal" and proper way to ask for consent.

    top publishers do it this way, everybody knows it's just a stupid formality

    Likes: oleg

    > Newcomers roadmap: from where to start learning Gideros
    "What one programmer can do in one month, two programmers can do in two months." - Fred Brooks
    “The more you do coding stuff, the better you get at it.” - Aristotle (322 BC)
    +1 -1 (+1 / -0 )Share on Facebook
  • olegoleg Member
    Players do not have to give a choice

    there should simply be a policy warning

    Likes: SinisterSoft

    my games:
    https://play.google.com/store/apps/developer?id=razorback456
    мій блог по гідерос https://simartinfo.blogspot.com
    Слава Україні!
    +1 -1 (+1 / -0 )Share on Facebook
Sign In or Register to comment.