Verizon Media is committed to ensuring our services comply with all regulatory laws and requirements. This guide will provide information for publishers to comply with these regulations.
Even though SDK’s COPPA and Privacy settings can be set and changed at any time, it is recommended they be initially set after SDK initialization and prior to ad retrieval. Any changes to the settings will impact subsequent ad requests. Any ads that are retrieved prior to a change (including ads that may have been cached) are not impacted by changed settings and may not be in immediate compliance with the user’s status.
Children’s Online Privacy Protection Act (COPPA)
Children’s Online Privacy Protection Act (COPPA) helps ensure that child-directed apps or children in general are not exposed to inapproriate ads or ad targeting. The Verizon Ads SDK provides an API to indicate the COPPA status of a user. By default, COPPA is set to false, which indicates the user does not fall under COPPA. It is important for the value to be set to true if the user is protected by COPPA to ensure legal compliance.
Verizon Ads SDK provides an easy way for publishers to comply with the privacy regulations. This section will provide guidence to publishers to be compliant with European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) regulations.
The General Data Protection Regulation (GDPR) is a regulatory framework designed to give people in Europe more control over their data. Its requirements apply to any organization that processes the personal data of European Union (EU) residents. To learn more about Verizon Media’s approach to privacy and data protection, we recommend visiting Verizon Media and GDPR: Resources for our advertisers and publishers.
The California Consumer Privacy Act (CCPA) introduces new data privacy rights for California consumers, To learn more about Verizon Media’s approach in regards to CCPA, we recommend this article on Verizon Media’a Privacy Center.
In order to use the Verizon Ads SDK to serve personalized advertising (based on information such as device advertising identifiers, location, and other personal data) to EU users, publishers need to obtain consent for the use of Verizon Media products. The Verizon Ads SDK exposes a Privacy API that allows publishers to provide information about the user’s consent permissions.
Because every app’s user experience is different, the Verizon Ads SDK does not prompt or provide a mechanism to prompt users for their consent. Once consent has been obtained for a user, the
setPrivacyData API should be set prior to making an ad or bid request.
Setting Privacy Data
If your app falls under the GDPR jurisdiction, and you obtained the necessary consent data from the user, you need to add it to the consentMap which must be added to the privacyData object. Failure to do so will result in the SDK treating ad requests as falling under GDPR restrictions, regardless of the consent status.
Although the Verizon Ads SDK will perform a geo-IP lookup on startup (and periodically over the app’s lifecycle), there are situations and edge cases where the SDK cannot determine if a user falls under GDPR jurisdiction based on their IP address. To ensure compliance, publishers can set
collectionMode to “DoNotCollect” (as shown in the example code above). Setting
collectionMode to “DoNotCollect” prevents the SDK from collecting or sending personal data on its ad or bid requests.
GDPR: Sending EU Consent Strings
For users that have consented to the use of Verizon Media ad products for advertising personalization, the Privacy API provides a generic mechanism to pass that consent information. Please note that Verizon Media currrently supports the IAB’s GDPR Transparency and Consent Framework. Please reach out to your account manager or our Support team for the most up-to-date guidance on consent string formats and support plans.
Depending on the platform,
setPrivacyData takes a generic Map or Dictionary. Do not include the “gdpr” key in the privacy map if the request does not fall under GDPR jurisdiction. Please refer to the example code above for how to set the EU Consent string for the user so that it can be sent on ad or bid requests to the Verizon Media SSP.
Please note that the Verizon Media SSP will verify the format and validity of any EU Consent strings prior to processing any personal data. If consent cannot be verified, the SSP will drop any personal data contained in the request.
CCPA: Sending US Privacy String
Verizon Media aims to make it as easy as possible for publishers to comply with the California Consumer Privacy Act (CCPA) regulations. Publishers have two options for complying with the regulation:
Using the DAA’s Opt-Out tool. You can learn more about this tool here.
Setting the US Privacy string. Once you have got the user’s consent, you can use the Privacy API to pass consent information. You can learn more about how to generate the US Privacy consent string on IAB’s CCPA compliance website. Once the US Privacy consent string has been generated, you can use
setPrivacyDataAPI to pass the us_privacy string. Please refer to the above code samples for more information.