Chocolate is fully committed to GDPR compliance across every aspect of our business. Chocolate has always been dedicated to trust and transparency. Additionally, we are proactively reaching out to our partners and advertisers to help them understand the significant impact of GDPR on their business and working together for the compliance readiness. We see GDPR as an incredible opportunity for new innovations in the industry which will ultimately improve the customer experience while generating value for our publisher partners and creating a safe and transparent marketplace for advertisers.

GDPR Compliance
iab. Tech Lab

How would Ad Mediation work with GDPR? Transparency & Consent Framework by IAB

IAB published the in-app spec for GDPR’s transparency & consent framework. Read IAB’s press release here


A shared responsibility

It is recommended to all app developers, publishers and partners using mediation SDKs, Ad network SDKs, and any other third-party SDKs to follow IAB spec to acquire, store, and retrieve GDPR parameters. Please note chocolate cannot advise you as to whether you are GDPR compliant. We are not legally authorized to do so. However, we are working to ensure that our services comply with GDPR and that our partners can continue to use our services after GDPR takes effect.

mediation SDKs


What is GDPR?

EU General Data Protection Regulation (GDPR) takes effect on May 25, 2018 across the European Union. It is a major change in data privacy that aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR will compel publishers and advertisers to rethink what information they are requesting from their customers, re-assess what they do with that information and how that information is stored.

How does GDPR affect your business?

If you are a company owner who collects or processes any personal data for EU citizens or citizens of the Norway, Iceland, and Liechtenstein, GDPR applies to you (even if your company is registered outside of these territories and doesn’t have physical operations in Europe). Fines can be high for non-compliance with GDPR: Serious infringements can result in fines of up to €20m, or 4% of your company’s global annual revenue, whichever is higher. Furthermore, mobile apps found to be non-compliant run the risk of being banned from app stores.

What do I have to do to make may business GDPR compliant?

Determination of your role is critical to design the correct privacy policy and comply with GDPR. Based on your business activities and law all the firms will fall either be a 'Controllers' and 'Processors' or both.

  • Controllers: the entity that collects and states how personal data is to be processed
  • Processors: the entity that processes personal data on behalf of the controller
What is Chocolate Platform doing?

In support of these new regulations that require user consent for EU personal data to be collected, processed and distributed for advertising purposes we have updated:

  • Publisher Data Processor Agreement
  • Our SDK product and OpenRTB protocol
  • Contract agreements with DSPs, advertiser, buyers and third-party measurement and data partners
  • Privacy Policy and Policies for Supply-side partners and
  • Our Terms of Services
Where can I see the updated Privacy Policy?

You can read the updated Privacy Policy here

Will Chocolate collect consent from end users?

Chocolate is not a first party to communicate with end-users, we require our publishers & app developers to request consent for us. An app developer or publisher who is using Chocolate Ad Mediation SDK need to pass a value of the consent to our SDK.

What do Publishers & Advertisers on Chocolate Marketplace and Chocolate Premium need to do?

Agree to the updated contract agreements which includes GDPR compliance addendum. Please contact your account manager for more details.

For more information on GDPR compliance, please write to us at