icon-plus Article
May 23 2018

GDPR: Get Your Mobile Apps Ready

Why should you read this article?

Because you'll get tips on getting mobile apps ready for GDPR, which goes into effect on May 25, 2018.
Marine Desoutter

GDPR will go into effect on Friday. Here are a few reminders to help you get ready!

How does GDPR impact mobile app advertising?

Under GDPR, the use of mobile advertising IDs and other personal data will be restricted to users who have explicitly given their consent. In the mobile app environment, the IDFA / Advertising ID / Lat-long are the typical types of personal data that will require consent from the user before being processed by any vendor.

The consent information needs to be stored and transmitted throughout the advertising ecosystem as presented in the illustration below.


Source, IAB Europe, Presentation, March 8th 2018


What is “consent” according to GDPR?

Key principles

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

-The data subject has the right to withdraw his or her consent at any time

-The controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data

What GDPR solutions and guidelines has the IAB published?

The IAB has released the Advertising Industry’s Transparency & Consent Framework, which provides a technical industry solution allowing website operators and mobile app providers to

-Control the vendors they wish to allow to access their users’ browsers or apps and process their personal data, and disclose these choices to other parties in the online advertising ecosystem

-Seek user consent under the ePrivacy Directive (for setting cookies or similar technical applications that access information on a device) and/or the GDPR in line with applicable legal requirements, and signal the consent status through the online advertising ecosystem

In that regard, the IAB framework recommends actors implement a Consent Management Provider (CMP). A CMP provides publishers and advertisers with a mechanism to obtain consent, and then control which third-party vendors can request consent to track users of their websites and apps.

How can app developers comply with GDPR within the Framework of the IAB ?

Environment Retrieve and store user consent Pass along consent to the advertising chain Recommended timeline 
iOS apps Choose a CMP. The list of IAB approved CMPs is here.

Smart has developed an open source CMP SDK for iOS. 

Upgrade application advertising SDK.

For Smart customers: Display SDK version 6.9 & Instream video SDK version 1.2.0.  

Before May 25th 
Android apps Choose a CMP. The list of IAB approved CMPs is here.

Smart has developed an open source CMP SDK for Android.

Upgrade your Display SDK to version 6.9 & Instream video SDK to version 1.2.0.  Before May 25th 


 What are the benefits of the Smart Mobile App CMP?

-Free of charge

-Open source CMP

Native solution to offer optimized time load and user experience

Independent from our Display and Instream SDK

Compliant with IAB Transparency & Consent Framework specifications


Where can you find the Smart Open Source Mobile CMP? 


Android CMP


What are the risks for app publishers who DON’T implement a CMP and DON’T collect consent for each vendor involved?

The CMP aims at providing a complete solution to ensure full compliance with GDPR by enabling user consent management for every involved vendor. Publishers need to be aware of that when making their choice (or when implementing their consent management solution).

Our legal manager Karine Laye shares the following insight:

“When a publisher acts as Data “controller”, he is responsible for the collection of a valid consent, explicit and freely given from its users. Every user should then be able to freely accept the processing of their  data by being clearly informed. The user has the right to know who accesses their data, and for what purposes. A user shouldn’t accept that http calls containing its user identifier are transmitted to all third party partners of a single vendor without being previously informed by the publisher. This topic is particularly sensitive for mobile apps because mobile user ID are more persistent than cookies.”

Related news

Article May 25 2018

Last Call for GDPR

The new European rules and regulations are coming into force on May 25! Are you sure you’ve done everything to be GDPR compliant? Get CMP, SDK and compliancy info in this blog post.

  • Last week, Smart sponsored the annual Engage Conference (Italy) around advertising and digital communication themes… https://t.co/vovrTDDODZ
  • Our Country Manager of the DACH Region will sit on a panel about "Media Buying Instream and Outstream: What is miss… https://t.co/JjKK0SdMpZ
  • 1 hour left!! The expert workshop "Why is programmatic guaranteed the ultimate level in private transactions?" will… https://t.co/t19JrJM41P
  • Featured on @CB_News Omnicom Media Group-OMG has just announced its latest offering, via SmartRTB +, to help client… https://t.co/FsCkBVGmEu
  • An in-depth profile feature with Smart's newly appointed CEO Arnaud Creput on @Strategies written by @ManuGavard Se… https://t.co/p1J38ZbgFE