Jump to: navigation, search

GDPR

GDPR Documentation

NoteBubble.png

This documentation is preliminary and subject to change.

Overview

In compliance with the EU’s General Data Privacy Regulations (GDPR), Fuse has updated it’s SDK to provide functions for publishers to pass consent for users in the EU. This page outlines the new functionality for Fuse SDK versions 2.12 and above that publishers can use to pass consent for users.

If you have any questions regarding how Fuse helps you comply with GDPR, please email us at support@upsight.com.

Consent State

The user’s consent is represented by a Consent State mechanism and transitions between five main states:

  • Unknown
  • non-GDPR
  • Pending Consent
  • Consent Given
  • Consent Revoked

The Consent State is a persistent state reflecting the level of consent obtained from the user and has two main goals. First, to identify if the user is from EU and if GDPR applies to the user. Second, to represent if consent was given or denied. Each of the five main states will determine which Ad Networks can be enabled and how the SDK will behave. The Consent State can be changed at any time to reflect consent, as a user may choose to opt-in or opt-out of Consent while engaging with your application.

Before a user’s consent state has been captured, the SDK will be in an Unknown state, and will not collect any personally identifiable information and only initialize a limited amount of Ad Networks that can function without collecting any personal data. Warning : At the moment, the Unknown state will only allow Facebook and Internal Fuse Campaigns to be initialized.

From the Unknown state, the user’s device will communicate with Fuse servers which will determine if the user is from Europe or not, changing the Consent State accordingly.

If the end user of the application Fuse SDK is not in Europe, the Consent State will automatically transition to non-GDPR state. The Fuse SDK will function as it has previously.

If the end user is in Europe, the Consent State will automatically transition to Pending Consent. The Pending Consent state functions identically to Unknown, the Fuse SDK will not collect any identifiable information and will only initialize Ad Networks that can function without collecting any personal data. At this point, the requestGDPRconsent callback will fire from the Fuse SDK.

If the Fuse SDK is in a Consent Revoked state, the Fuse SDK stops collecting personal data and will stop loading or showing ads from Ad Networks that require personal data.

If the Fuse SDK is in a Consent Given state, the Fuse SDK will function as before and pass consent to Ad Networks. If the user chooses to revoke consent, the Fuse SDK does not have the ability to “stop” Ad Networks that have already initialized. The Fuse SDK will stop loading and showing Ads from Networks that require personal data in the current session. The next time the Fuse SDK is started, it will no longer initialize Ad Networks that require personal data.


GDPR Functions

requestGDPRconsent

This callback will fire when the Fuse SDK determines that consent needs to be obtained for the application. From this point, the developer should present something to the user in order to obtain consent or use the setGDPRState function if consent has already been obtained / denied. The Fuse SDK will never ask the user for consent directly and it is up to the developer to ask for consent and pass the level of consent obtained to the Fuse SDK.

Native Android

In FuseSDKListener, please listen to the function :

void requestGDPRConsent()

Native iOS

Listen to the following FuseDelegate callback :

-(void) requestGDPRConsent;

Unity

In FuseSDK, please subscribe to the function :

event Action RequestGDPRConsent

getGDPRState

This function returns the what the Fuse SDK currently has stored as the consent state via enum. The following is a legend for the how Fuse interprets the states :

  • FUSE_GDPR_UNDEFINED = 0
  • FUSE_GDPR_NON_GDPR = 1
  • FUSE_GDPR_PENDING_CONSENT = 2
  • FUSE_GDPR_CONSENT_GIVEN = 3
  • FUSE_GDPR_CONSENT_WITHDRAWN = 4

Native Android

Via FuseSDK, please use the function :

GdprState getGDPRState()

Native iOS

Please use the function :

+(int) getGDPRState;

Unity

In FuseSDK, please use the function :

GDPRState GetGDPRState()

setGDPRState

Once consent has been obtained or denied, the developer can then pass the level of consent to the Fuse SDK via the setGDPRState method. The function will then try to update the Fuse’s internal GDPR state variable to the new state if possible. Please refer to the following table for valid transitions from Start State to a different Consent State :

Start State Unknown Non-GDPR pending_consent consent_Given consent_revoked
Unknown YES YES YES YES YES
Non-GDPR NO YES YES YES YES
pending_consent NO NO YES YES YES
consent_Given NO NO NO YES YES
consent_revoked NO NO NO YES YES

Native Android

Via FuseSDK, please use the function :

boolean setGDPRState(GdprState gdprState)

Native iOS

Please use the function :

+(bool) setGDPRState:(int) state;

Unity

In FuseSDK, please use the function :

bool SetGDPRState(GDPRState state)

Example Scenarios

Here are three example scenarios regarding users and how the Fuse SDK behaves :

Scenario 1 = User not in the EU

  1. The user launches the application for the first time and the Fuse SDK will report the Consent State = Unknown
  2. The Fuse API backend will communicate with the user and see that the user is not in the EU and change the Consent State = non-GDPR
  3. No more interaction needed


Scenario 2 = User from the EU
  1. The user launches the application for the first and the Fuse SDK will report the Consent State = Unknown
  2. The Fuse API backend will communicate with the user and see that the user is in the EU and change the Consent State = Pending Consent
  3. Consent callback is triggered to inform the the publisher so that they can pass consent to the Fuse SDK
  4. Publisher is in charge of setting the Consent State to Consent Given or Consent Revoked


Scenario 3 = User initially not from EU but now in EU
  1. Scenario 1 applies first and the Consent state is set to non-GDPR
  2. The user launches the application in the EU and the Fuse API backend identifies the user as in the EU.
  3. The Fuse API backend will communicate with the user and change the Consent State = Pending Consent
  4. Consent callback is triggered to inform the the publisher so that they can pass consent to the Fuse SDK
  5. Publisher is in charge of setting the Consent State to Consent Given or Consent Revoked