Your company has designed a hot new mobile app and you decide it will need to be monetized. One of the easiest ways to initiate your mobile advertising campaign is through AdMob, Google's mobile advertising service.

However, before you start racking up clicks and ad revenues you'll need to take a good look at your privacy practices.

Does your app have a public Privacy Policy? If not, you'll need to start there. A Privacy Policy is required by law for any mobile app that collects data from its users.

In addition, Google's behavioral policies require a Privacy Policy for apps serving personalized ads.


AdMob Basics

AdMob is a simple and intuitive way to monetize a mobile application with very little effort on the part of the developer. Once you indicate where and when you want the ads to occur, Google does the rest by offering the space to their network of advertisers. These ads can be personalized to the specific demographics, wants, needs, and behaviors of your users to provide the most relevant advertising experience.

Just as Google AdSense places cookies into user web browsers in order to serve personalized advertising on computers navigating the internet, AdMob places software development kits (SDKs) onto mobile devices for the same reasons.

Due to privacy regulations and Google policies, there are a few things you'll have to complete on the backend before installing AdMob and allowing it to place SDKs on mobile devices through your mobile applications.

Legal Requirements for Interest-Based Advertising

The internet is a global marketplace. This means that most international privacy regulations will apply to your business, regardless of where your physical offices are located. The following three regulations apply to almost any business that offers its services online.

The European Union (EU) General Data Protection Regulation (GDPR) requires that anyone collecting identifiable data (including device identifiers) from people within the EU must comply.

According to the GDPR, all personal information you collect must be disclosed to users, including how and why the data is collected, as well as how it's shared with third parties. This is done through a Privacy Policy.

The California Online Privacy Protection Act (CalOPPA) will be enforceable for anyone who collects personal information from residents of California.

CalOPPA requires that you communicate which types of information you collect and who you share the information with by providing a Privacy Policy.

According to the Children's Online Privacy Protection Act (COPPA), it is illegal to serve behavioral advertising to children under 13 years of age.

  • If your mobile app is directed to children, you cannot use AdMob's personalized advertising services.
  • If it is not directed to children, then a disclaimer will need to be included in the Privacy Policy stating that your services are not intended for children under the age of 13.

The statutes listed above are only those that are connected with serving personalized advertising. There are many more requirements for a standard Privacy Policy, depending on where your company is located. You can see a list of location-based privacy laws here.

Google Behavioral Policies

Google Behavioral Policies

Aside from privacy laws, Google will only offer its AdMob service to businesses who comply with Google Behavioral Policies. These are Google's own guidelines for any mobile app that implements AdMob features.

Although AdMob has its own set of recommendations and regulations, users of the AdMob service will also be required to comply with Google Adsense Policies.

Within the Behavioral Policies, Google notes that your Privacy Policy needs to reflect the use of personalized advertising that's served via Googles Mobile Ads SDK:

Google AdMob Behavioral Policies: Personalized Advertising clause

AdMob users are also subject to Google Adsense Policies since both programs serve the same ads. Google Adsense goes into even more detail regarding the information that must be included within your Privacy Policy:

Google AdSense Content Policies: Required Content for a Privacy Policy section

As you can see, there are three major points to mention within your Privacy Policy regarding personalized advertising.

1. The Privacy Policy must state that your website features personalized advertising that is implemented through the use of anonymous identifiers or SDKs.

To illustrate this requirement, the Marketing clause from CCleaner's Privacy Policy explains their use of SDKs for the use of personalized advertising in detail:

CCleaner Privacy Policy: Marketing clause

2. Within the Privacy Policy, users must be given the option to opt-out of personalized advertising, which may include a link to the Google Ad Settings portal.

Remeasure provides this option clearly within their Privacy Policy, along with a link to find out more about how Google uses customer data:

Remeasure Privacy Policy: AdMob by Google clause

3. If third-party ads are enabled in your AdMob settings, you will need to inform users about third-party advertising on your app and offer an additional opt-out link for those third-party advertisers.

CCleaner follows its Marketing clause with a list of each third-party advertiser that appears in its mobile app, along with a link to the Privacy Policy and/or opt-out information of each:

CCleaner Privacy Policy: Chart of advertisers included in Marketing clause

Google Requirements and the GDPR

One final consideration when altering your Privacy Policy for AdMob is how you are serving personalized advertising to citizens in the EU. This is what the Adsense Policy dictates regarding advertising under the GDPR:

Google EU User Consent Policy

Any mobile app that enables AdMob and serves personalized advertising to people in the EU must follow relevant statutes of the GDPR regarding EU user consent and personalized advertising.

This includes the following:

  • Request consent from EU residents before placing local storage (SDKs) for the purposes of advertising.
  • Request specific consent for collecting, sharing, and using data for personalized advertising.
  • Keep clear records of consent for each user in the EU.
  • Provide instructions on how to revoke that consent.

Google provides this example of an appropriate solution for requesting consent from EU users to collect their information in order to serve personalized ads:

Google Ad Manager Guides: Requesting Consent from European Users - Example of GDPR consent popup notice

As mentioned above, the GDPR and Google both require you to provide users with a method to revoke their consent for personalized advertising.

Pinterest provides an easy way to do this in the Settings module of its app:

Screenshot of Pinterest app's Edit Settings screen

One of the main requirements when it comes to using AdMob is to be transparent about doing so. You can accomplish this through having a Privacy Policy that discloses how you collect and use information for advertising purposes.

How to Create a Privacy Policy

FreePrivacyPolicy: Privacy Policy Generator - Steps How to Create Privacy Policy

Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.

  1. Click on the "Free Privacy Policy Generator" button, located at the top of the website.
  2. Select where your Privacy Policy will be used:
  3. FreePrivacyPolicy: Privacy Policy Generator - Select platforms where your Privacy Policy will be used - Step 1

  4. Answer a few questions about your business:
  5. FreePrivacyPolicy: Privacy Policy Generator - Answer a few questions about your business - Step 2

  6. Enter the country and click on the "Next Step" button:
  7. FreePrivacyPolicy: Privacy Policy Generator - Enter the country - Step 2

  8. Continue with building your Privacy Policy while answering on questions from our wizard:
  9. FreePrivacyPolicy: Privacy Policy Generator -  Answer on questions from our wizard - Step 3

  10. Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.

    FreePrivacyPolicy: Privacy Policy Generator - Enter your email address - Step 4

    That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.


Relevant Examples

Still not sure how to proceed? We've put together a few examples of how other apps are preparing their Privacy Policies for AdMob advertising.

Frogmind

Frogmind is an app developer for both iOS and Android devices, known for its award-winning game Badland. Frogmind's Privacy Policy fully complies with both international privacy regulations and Google's Behavioral Policies. It begins with a rundown of the different types of personal information the company collects from users, including data collected for purposes of advertising:

Frogmind Privacy Policy: The Data We Collect clause

Frogmind then goes on to describe how and why it shares information with third-parties, specifically mentioning the sharing that is required for advertising. This disclosure is necessary for both GDPR and CalOPPA regulations:

Frogmind Privacy Policy: Advertising and Social Media Partners clause

Since most privacy regulations require that users be given access to view or change their personal information, this clause describes access rights:

Frogmind Privacy Policy: Access the personal data we hold about you clause

Frogmind makes sure to state that its service is not intended for children, which complies with COPPA:

Frogmind Privacy Policy: Age Limits clause

In order to meet Google's Behavioral Policies requirements, Frogmind includes a clause about personalized advertising:

Frogmind Privacy Policy: Why Do We Collect Your Data clause: To Show Personalized Advertisements section

Google also requires that users be provided with instructions on how to opt-out of targeted advertising. Frogmind gives them several options to do so:

Frogmind Privacy Policy: Opt-out of Targeted Advertising clause

Once a user follows the link, they are taken to an interface that shows all of the third-party advertisers within Frogmind's apps, as well as a link the Privacy Policy and opt-out choices for each advertiser:

Frogmind: Opting Out of Behaviourally Targeted Advertising and Analytics chart page

Overall, Frogmind does an excellent job of formulating the Privacy Policy to meet the various prerequisites that are necessary to serve personalized ads on mobile apps.

Cheetah Mobile

One of the leading developers in the Google Play network, Cheetah Mobile offers a variety of security, cleaning, and optimization tools for mobile phones. They are also one of Google's most successful AdMob clients. It's no surprise that their Privacy Policy is squeaky clean.

Cheetah includes a long and detailed list of personal information they collect and why. Data collected for advertising is part of the list:

Cheetah Mobile Privacy Policy: Cookies and Similar Tracking Information clause

There's also a clause that describes user access to view or change their personal information:

Cheetah Mobile Privacy Policy: Right of Access and Rectification clause

To comply with COPPA and GDPR age requirements, this clause describes Cheetah's age limits:

Cheetah Mobile Privacy Policy: Children clause

Another summary is made of information that is shared with third-parties. It's especially important to include advertising partners in this section to meet both legal and Google policies. Links are included to an Ad Choice Policy and Ads Partners Policy:

Cheetah Mobile Privacy Policy: Third-Party Business Partners clause

The Advertising Choices Policy includes an informative clause about how users can opt out of interest-based advertising:

Cheetah Mobile Advertising Choices Policy: How to Opt Out of Interest Based Advertising clause

Etermax

Etermax is a developer of some of the most popular mobile gaming applications. A lot of advertising happens within its free games.

Within the first few paragraphs of its Privacy Policy, Etermax mentions that it collects certain types of personal data to be used for personalized advertising:

Etermax Privacy Policy: Excerpt of Information We Obtain Automatically clause about location information and advertising

The policy goes into detail describing how personal data is shared with third-party advertisers, including a mention of the anonymous identifiers that are placed on user devices for advertising purposes:

Etermax Privacy Policy: Third Party Advertising and Analytics Interest Based Ad Disclosure

The developer makes it clear that it doesn't knowingly collect personal data from children. Since some Etermax games are targeted to children, they create zero-data environments for child users to comply with COPPA:

Etermax Privacy Policy: COPPA clause

The developer has a simple solution for users who wish to view or change their personal data:

Etermax Privacy Policy: User's Rights clause

A few different options for opting out of personalized advertising are available, with instructions for both Android and iOS devices:

Etermax Privacy Policy: Opting out of targeted and interest-based advertising clause

They make sure to mention the different third-parties they use to serve ads, as well as a link to the Privacy Policy of each.

Remember, measures such as those described above will need to be in place before you begin your AdMob advertising program. We hope that with these examples, you can begin to formulate a Privacy Policy that will satisfy all the legal requirements, allowing you to monetize your mobile apps compliantly.