Chocolate is fully committed to GDPR compliance across every aspect of our business. Chocolate has always been dedicated to trust and transparency. Additionally, we are proactively reaching out to our partners and advertisers to help them understand the significant impact of GDPR on their business and working together for the compliance readiness. We see GDPR as an incredible opportunity for new innovations in the industry which will ultimately improve the customer experience while generating value for our publisher partners and creating a safe and transparent marketplace for advertisers.
How would Ad Mediation work with GDPR? Transparency & Consent Framework by IAB
IAB published the in-app spec for GDPR’s transparency & consent framework. Our very own Lloyd Lim, Sr. Director of Product, co-wrote the spec, specifically the portion around “How would Ad Mediation work?“. If you haven’t read, please provide comment as the public comment period is ending June 1st. Feedback from app developers is critical to providing a clear and consistent method for handling consent in the in-app ecosystem.
Read IAB’s press release here
A shared responsibility
It is recommended to all app developers, publishers and partners using mediation SDKs, Ad network SDKs, and any other third-party SDKs to follow IAB spec to acquire, store, and retrieve GDPR parameters. Please note chocolate cannot advise you as to whether you are GDPR compliant. We are not legally authorized to do so. However, we are working to ensure that our services comply with GDPR and that our partners can continue to use our services after GDPR takes effect.
FREQUENTLY ASKED QUESTIONS
EU General Data Protection Regulation (GDPR) takes effect on May 25, 2018 across the European Union. It is a major change in data privacy that aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR will compel publishers and advertisers to rethink what information they are requesting from their customers, re-assess what they do with that information and how that information is stored.
If you are a company owner who collects or processes any personal data for EU citizens or citizens of the Norway, Iceland, and Liechtenstein, GDPR applies to you (even if your company is registered outside of these territories and doesn’t have physical operations in Europe). Fines can be high for non-compliance with GDPR: Serious infringements can result in fines of up to €20m, or 4% of your company’s global annual revenue, whichever is higher. Furthermore, mobile apps found to be non-compliant run the risk of being banned from app stores.
- Controllers: the entity that collects and states how personal data is to be processed
- Processors: the entity that processes personal data on behalf of the controller
In support of these new regulations that require user consent for EU personal data to be collected, processed and distributed for advertising purposes we have updated:
- Publisher Data Processor Agreement
- Our SDK product and OpenRTB protocol
- Contract agreements with DSPs, advertiser, buyers and third-party measurement and data partners
- Our Terms of Services
Chocolate is not a first party to communicate with end-users, we require our publishers & app developers to request consent for us. An app developer or publisher who is using Chocolate Ad Mediation SDK need to pass a value of the consent to our SDK.
Agree to the updated contract agreements which includes GDPR compliance addendum. Please contact your account manager for more details.