As of May 25th 2018, the GDPR has been fully enforced which means that for your client in the EU, you must ensure that your apps are compliant.
Service providers have been updating their SDKs to offer methods that allow you to opt in and out of data collection. Some service providers require users to provide their own "opt-in" dialog, which must present a clear choice to the end-user and allow them to either opt-in to having their data collected and processed, or opt-out entirely.
The GDPR does not permit automatically opting users in, even if an opt-out method is provided; it must be an explicit opt-in.
What changes are needed?
There are many ways that service providers are changing their service to become GDPR compliant. Enhance is doing a lot of work to standardise these different methods to make compliance as easy as possible for app developers and publishers. Although Enhance can help make it easier to ensure your apps are compliant, Enhance does not guarantee compliancy at any level and the responsibility is ultimately yours to make sure you are doing everything according to the regulation.
In order to help you make your apps GDPR compliant, we've added the following methods to Enhance:
boolean Enhance.requiresDataConsentOptIn( callback<boolean> )
This method returns true to the callback method when any kind of opt-in is required by services that are included in your app. This will check if the user is within a country where GDPR regulations are enforced, and whether you have any services that require opt-in which are not already opted into. If this method returns false then all of your SDKs will be operating as normal, or the user has explicitly opted out of data collection/processing.
Enhance.showServiceOptInDialogs( [ optional list of services... ] )
This method will instruct any services which contain built-in opt-in dialogs to display them. If you optionally provide a list of services to this method, only dialogs from those services will be displayed. During the Enhance process you will see information about the 'Opt-In Dialog' which will inform you about which services allow this type of opt-in. Using SDKs with built-in dialogs is the easiest way to ask whether your users would like to opt-in.
Enhance.serviceTermsOptIn( [ optional list of services... ] )
Calling this method will opt the current user in to data collection and processing using the services that you selected during the Enhance process. This should be used for any services which don't provide their own opt-in dialogs (listed as 'Explicit Opt-In' rather than 'Opt-In Dialog' when Enhancing).
You can optionally pass in a list of service IDs to be opted into. This allows you to be specific about which services have been opted into, for example you may present a dialog requesting permissions to log analytics for improving your game, and for personalising ads - if the user selects only to allow analytics and not to allow ad targeting, then you can be specific about which services are opted into and which are not.
You should only call this method after showing a clear consent dialog which contains all of the consents required by the services that you want your users to opt into. See the "Displaying your own GDPR opt-in dialog" section below for more information. It is very important that you make sure your dialog explains what is happening clearly to the user when using this feature.
Enhance.serviceTermsOptOut( [ optional list of services... ] )
This explicit opt-out will instruct any services that you're using that the user has specifically declined an opt-in to their data collection and processing. It can also be used to revert a previous opt-in decision by the user - if the user chooses to revoke their consent.
If you do not specify a list of services, all services will be opted out from. If you specify a list, only those services will be opted out from.
Displaying your own GDPR opt-in dialog
Some services require you to display your own opt-in dialog. During the Enhance process, you will be notified when you select a service that requires a custom opt-in dialog - it will be marked as 'Explicit Opt-In' and there will be a reminder of the methods that need to be invoked to handle this.
It's very important that you display an accurate opt-in dialog to your users. It is your responsibility to make sure that this meets the standards of the regulation, but here's how you can get started:
- Visit the website of the service providers which require a custom opt-in to find information on wording and consent needed
- Build your own dialog in your app which clearly presents the user with the wording and clearly identifies what the user is giving consent to
- Allow the user to choose to opt-in or to opt-out of the data collection and processing. They must have the option clearly presented to them!
- If the user chooses to opt-in, call the Enhance.serviceTermsOptIn( [...] ) method, or if the user chooses to opt-out, call the Enhance.serviceTermsOptOut( [...] ) method.
GDPR Compliant Services
Enhance is updating all of the SDKs that we support to versions which support GDPR compliance, however some SDK providers have not yet released GDPR compliance methods, or have opted to not update their SDK with specific GDPR compliance
When we update an SDK to a version with specific GDPR compliance features, we will mark them with a green "GDPR" ticked label on the SDK selection page.
Some services do not require GDPR compliance features. We aim to update the site to reflect services which do not require GDPR compliance callbacks, however in the meantime if you are using a service that does not have a GDPR tick next to it on the Enhance site, be sure to check the website and help sections of that particular SDK to see what is required for compliance.
Finally, if you notice any SDKs that need to be updated or SDKs that should be marked as compliant, please contact us to let us know at firstname.lastname@example.org