Chocolate Mediation SDK GDPR Update

Chocolate Mediation SDK GDPR Update

As you may be aware, GDPR (General Data Protection Regulation) is going into effect on May 25th, 2018. This regulation aims to give EU users more control over their personal data.

What is GDPR

GDPR establishes new requirements on companies that collect, use, and share data about EU citizens. Starting on May 25th, 2018, all companies handling data of EU citizens must adhere to these new data privacy and security measures – regardless of whether the company is located within EU or not. Companies that fail to comply could be subject to fines as high as 4% of annual global revenue.

IAB Consent Framework

IAB, the Interactive Advertising Bureau, is an organization comprised of more than 650 media and tech companies that are responsible for selling, delivering, and optimizing digital advertising.

IAB has established GDPR Consent Framework to help all parties in the digital advertising chain ensure they comply with GDPR when processing personal data or accessing data on user devices.

The key idea of IAB Consent Framework is to provide a standard for acquiring user consent and producing a lightweight string that can be transported throughout the digital advertising ecosystem.

IAB GDPR Mobile In-App Spec

This spec outlines how mobile apps can acquire user consent and store the consent string.

The key idea of this in-app spec is the following.

CMP (consent management platform) SDK can be used for determining the GDPR applicability and, when applicable, showing the user interface for user consent acquisition.

The spec recommends that CMP stores the GDPR flag and consent string in NSUserDefaults (iOS) or SharedPreferences (Android). Then, any third-party SDKs can retrieve the GDPR consent string from this common location.

Note: I was one of the co-authors of IAB GDPR Mobile In-App Spec and wrote the section, ‘How would ad mediation work.’

How the GDPR-Ready Chocolate Mediation SDK Works

We just announced the availability of GDPR-Ready Chocolate Mediation SDK, 2.5.4.

See below for the details of how it works.

GDPR flag and user consent value check:

  • Chocolate Mediation SDK first checks NSUserDefaults (iOS) or SharedPreferences (Android) to see if GDPR flag or consent string is stored there
  • We also provide methods to manually set GDPR flag and consent string value (in case your CMP SDK does not save in NSUserDefaults or SharedPreferences).

Mediation of demand SDKs:

  • If user is not subject to GDPR, Mediation SDK will run mediation across all demand SDKs
  • If user is subject to GDPR, Mediation SDK will run mediation only among the demand SDKs that are GDPR ready.

What if I don’t have a CMP Solution?

You don’t have to worry if you don’t have a CMP solution. In case Chocolate Mediation SDK cannot retrieve the GDPR parameter values from the above two sources, it falls back to internal logic and handles the mediation in a GDPR compliant way.

What’s My Next Step?

In summary, all you need to do is to update Chocolate Mediation SDK to the latest version, 2.5.4.

Get started here:

SDK Documentation

As always, for any question, please feel free to reach out to us at