Some questions on GDPR's CMP and UMP SDK

[Wing]

Hi,

I'm new to this and trying to implement the GDPR thing using Google CMP and UMP SDK, below are some questions would like to clarify, thanks.

Q1.  How this GDPR message will trigger, is it based on the user's google account registration location? or user physical location?  Eg if the user google account is registered in UK, but the user travel to Asia, download and first open the APP, will this GDPR message be triggered? if not triggered, how about when the user go back to UK? 

Q2.  If the user clicked on "Do not consent" from the GDPR message, if  the user change their mind, can the APP provide a way for user to call up this GDPR message again?

Appreciated any help, many thanks.

[Mobile Ads SDK Forum Advisor]

Hi, 

Thank you for contacting the Mobile Ads SDK support team.

Please find the answers to your questions below:

Q1.  How this GDPR message will trigger, is it based on the user's google account registration location? or user physical location?  Eg if the user google account is registered in UK, but the user travel to Asia, download and first open the APP, will this GDPR message be triggered? if not triggered, how about when the user go back to UK? 

A1. The triggering of the GDPR (General Data Protection Regulation) message is typically based on the user's physical location, specifically their current location, and the processing of their personal data within the European Union (EU) or European Economic Area (EEA). It is not solely determined by the user's Google account registration location.

In your example, if a user's Google account is registered in the UK, but they travel to Asia and download/open the app for the first time, the GDPR message may not be triggered upon their initial use in Asia because GDPR primarily applies to users within the EU/EEA. However, if the app processes personal data of users in Asia, it may be subject to other data protection laws or regulations specific to that region.

When the user returns to the UK, the GDPR message may be triggered if the app processes their personal data within the EU/EEA. The key factor is where the data processing occurs, rather than the user's account registration location.

Q2.  If the user clicks on "Do not consent" from the GDPR message, if the user changes their mind, can the APP provide a way for the user to call up this GDPR message again?

A2. If a user initially clicks on "Do not consent" from the GDPR message but later changes their mind and wishes to provide consent, the app should offer a mechanism for the user to review and potentially change their consent settings. This mechanism is often referred to as a "Privacy Settings" or "Consent Management" section within the app.

Users should be able to access this section to review their choices and change their consent preferences at any time. Providing users with the ability to modify their consent settings is an essential aspect of compliance with GDPR and similar data protection laws, as it upholds the principle of user control over their personal data.

This message is in relation to case "ref:_00D1U1174p._5004Q2p1NQ2:ref"

Thanks,
 

Mobile Ads SDK Team

[Wing]

Hi,

Thank you for your detailed response.  But would like to clarify a bit more inline below, thanks.

On Wednesday, 27 September 2023 at 15:39:58 UTC+8 Mobile Ads SDK Forum Advisor wrote:

Hi, 

Thank you for contacting the Mobile Ads SDK support team.

Please find the answers to your questions below:

Q1.  How this GDPR message will trigger, is it based on the user's google account registration location? or user physical location?  Eg if the user google account is registered in UK, but the user travel to Asia, download and first open the APP, will this GDPR message be triggered? if not triggered, how about when the user go back to UK? 

A1. The triggering of the GDPR (General Data Protection Regulation) message is typically based on the user's physical location, specifically their current location, and the processing of their personal data within the European Union (EU) or European Economic Area (EEA). It is not solely determined by the user's Google account registration location. 

A1-Q1.  First of all I'm not a lawyer,  from the link you provided on "About GDPR messages", but I just wonder the first sentence of the page " ...you must make certain disclosures to your users in the European Economics Area (EEA) and the UK... " it seems this statement is focusing on user but not the location accessing the data, so what i mean is if the user is not a EU/EEA or UK citizen why they should border this GDPR?  So just feel strange when a non-EU/EEA/UK citizen travel to EU/EEA/UK will govern by GDPR? 

 

In your example, if a user's Google account is registered in the UK, but they travel to Asia and download/open the app for the first time, the GDPR message may not be triggered upon their initial use in Asia because GDPR primarily applies to users within the EU/EEA. However, if the app processes personal data of users in Asia, it may be subject to other data protection laws or regulations specific to that region.

A1-Q2. Can I assume since the user accessing the service  (e.g. also using AdMob sdk requesting ads) in the area out of EU/EEA, so the Personal ads will be shown.

 

When the user returns to the UK, the GDPR message may be triggered if the app processes their personal data within the EU/EEA. The key factor is where the data processing occurs, rather than the user's account registration location.

A1-Q3. If the user returns to the UK,  when you say "if the app processes their personal data within the EU/EEA.. " does it include using AdMob SDK requesting ads? If yes, the GDPR message triggered (as you mentioned), and the user select "Purpose 1" and find out "Google" from the vendor preferences on the list and consented it, so can I assume only "Non-personal ads" will be shown".  If yes, after a week the user returns back to Asia and start the APP, what kind of ads will be shown? Personal or Non-Personal ads? And it will be great if you can illustrate what will happen if the user back to UK, coz this is a normal case for a biz user.

A1-Q4. if the Google account is not registered in EU/EEA/UK? and the user travels to EU/EEA/UK?  will it be the same? 

Q2.  If the user clicks on "Do not consent" from the GDPR message, if the user changes their mind, can the APP provide a way for the user to call up this GDPR message again?

A2. If a user initially clicks on "Do not consent" from the GDPR message but later changes their mind and wishes to provide consent, the app should offer a mechanism for the user to review and potentially change their consent settings. This mechanism is often referred to as a "Privacy Settings" or "Consent Management" section within the app.

A2-Q1.  According to my understanding, if "Do not consent" is selected by the user, the ads will not be shown, but how about when the user travels back to Asia? Will the Ads show again?  Since I think the user is out of EU/EEA and it should not govern by GDPR, but just wonder whether AdMob sdk will just simply referring the stored preference values (e.g. IABTCF_TCString)

Users should be able to access this section to review their choices and change their consent preferences at any time. Providing users with the ability to modify their consent settings is an essential aspect of compliance with GDPR and similar data protection laws, as it upholds the principle of user control over their personal data.

A2-Q2.  With this, so the APP we developed should able to  detect whether the user needs to have GDPR preferences settings (only in EU/EEA), if yes then needs to have an UI to let the user review their previous settings of GDPR? otherwise should hide this setting?  Also, according to my understand, we can't preset or load the values from preference to show on the GDPR message dialog (if we use UMP SDK), so if this true, then there is no way for user to modify / review their previous choices. right? correct me if I'm wrong.

[Mobile Ads SDK Forum Advisor]

Hi, 

Thank you for getting back to us.

I would recommend reaching out to the Product Support Team as they are better equipped to address your concern. Please be informed that our support channel can only best assist you with regards to Mobile Ads SDK implementation and technical issues.