AdTrue Documentation About GDPR Compliance
Comply with EU user consent policy
Supported ad serving options and get user consent
To support publishers in meeting their duties under this policy, AdTrue Google Ad Manager channel offers the options described below for users in the EEA and the UK
Select the type of ads you want to show
You can choose to serve non-personalized ads to all of your users in the EEA and the UK using the “Non-personalized ads” request. You also can give each of your users a choice between personalized and non-personalized ads
AdTrue can continue to show personalized ads as well as non-personalized ads to your users in the EEA and the UK. This is the setting that will be used unless you make a request to your AdTrue Account Manager
Personalized ads reach users based on their interests, demographics, and other criteria.
We will show all your users in the EEA and the UK only non-personalized ads and won’t serve other ad orders with audience targeting for users in the EEA and the UK.
When a signed-in Google user in the EEA or the UK has directly provided Google with age information, and is under the age of consent set by GDPR, we will only serve non-personalized ads to that user, regardless of the publisher's EU user consent settings
Supported ad technology providers (for personalized ads)
To help with compliance under Google’s updated EU User Consent Policy, you have the option to select your preferred ad technology providers (ATPs) from a list of companies that have provided us with information about their compliance with the GDPR — all of whom also have to comply with our data usage policy to ensure publisher data is protected.
If you select these ad technology providers (including Google and other bidders and vendors), they may use data about your users for the purposes of ads personalization and measurement.
Note the following:
Ad technology providers are not the same as mediation networks. This selection won’t affect mediation.
Choose a commonly used set of ad technology providers or create a custom set:
Commonly used set of ad technology providers: This is the setting that will be used unless you make a request with your AdTrue AM.
Custom set of ad technology providers:
You can select your preferred ad technology providers.
Clearly identify with your AM the providers you select to your users, and obtain users' consent in line with Google's EU User Consent Policy.
Set up consent gathering
- Please refer to ironSource documentation about GDPR consent setting here: https://developers.is.com/ironsource-mobile/android/regulation-advanced-settings/#step-1
- Users’ consent gathered by ironSource will be sent to Google Ad Manager via AdMob Adapter with supported API: https://developers.is.com/ironsource-mobile/general/making-sure-youre-compliant-post-gdpr/
- Please refer to MAX documentation about GDPR consent setting here: https://support.applovin.com/hc/en-us/articles/13891460597261-Privacy
AdTrue compliance with the IAB TCF v2.0
IAB Europe has finalized v2.0 of its Transparency and Consent Framework developed with IAB Tech Lab and mutual member companies. AdTrue’s Google Certified Publishing Partner now fully supports TCF v2.0.
The IAB TC string will be available in device local storage (NSUserDefaults for iOS or SharedPreferences for Android) and accessible to all mediation partners to obtain, parse, and respect when called in a mediation waterfall request.
Why is Google & AdTrue MCM Channel a "controller" under the GDPR as opposed to a "processor" of data?
We examined all of our products and assessed whether we act as a controller or a processor for each of them. We operate as a controller for our publisher products because we regularly make decisions on the data to deliver and improve the product.
The designation of Google Ad Manager as a controller does not give Google any additional rights over data derived from a publisher's use of Ad Manager and Ad Exchange. Google's use of data continues to be controlled by the terms of its contract with its publishers, and any feature-specific settings chosen by a publisher through the user interface of our products.
Which services require consent from end users?
Our EU User Consent Policy provides details on where consent is required. We have also updated our help page for the EU User Consent Policy to address questions we have received from our customers.
Our EU User Consent Policy also requires publishers to give users information about how their data will be used.
How does Google Ad Manager plan to enforce consent?
Our first priority will always be to work with our customers to get compliance right. We recognize that there will be diverse approaches to gaining consent and we are not prescriptive about the approach, provided our policy is met. For example, we know that publishers want to present different choices to their visitors. We have offered suggestions for what consent might look like at cookiechoices.org and that reflects an approach we've taken with our Funding Choices consent tool; but publishers may prefer to take a different approach. We don't envision a one-size-fits-all approach. Our policy applies to publishers and advertisers that use our products and have end users in the EEA. However, as with our enforcement of our existing policy, our first step is not a 'decision' as such; rather, we contact the customer to indicate an issue, and we will try to work with them to achieve compliance.
If you find a site that does not meet Google’s EU User Consent Policy, you can let us know via our Report policy violation form.
Can a publisher use your products without gaining consent and if so, how would it work?
We developed a non-personalized ads mode to allow publishers to either 1) present EEA users with a choice between personalized ads and non-personalized ads or 2) choose to serve only non-personalized ads to all users in the EEA.
What is Google Ad Manager’s solution for non-personalized ads?
Non-Personalized Ads allow publishers to present EEA users with a choice between personalized ads and non-personalized ads, or to choose to serve only non-personalized ads to all users in the EEA. Non-Personalized Ads only use contextual information, including coarse general (city-level) location.
For non-personalized ads, aren’t we a processor versus a controller?
Under this solution, Google Ad Manager will continue to serve in the role of a controller, as we will continue to make decisions on the data as mentioned above to optimize across publishers and improve the product.
We rely on legitimate interests as a legal basis when using personal data for activities such as serving contextual ads, ads reporting and to combat fraud and abuse.
If Google Ad Manager makes future policy changes, how will you communicate these changes to publishers?
We are sensitive to the impact of any changes we make to our EU User Consent Policy. However, if regulatory guidance changes in some significant way (for example, if that guidance were to say that in fact personalized ads can rely on legitimate interests), we would expect to reflect that in our policy. While we don't give advance notice of all changes to our policies, we made an exception for those that we're introducing to our EU User Consent Policy. In the event of further significant changes, we would want to do the same.
We will continue to have active discussions with Google & our publisher partners, as we've been doing for months, to share the latest updates and incorporate partner feedback.