Your company has designed a hot new mobile app and you decide it will need to be monetized. One of the easiest ways to initiate your mobile advertising campaign is through AdMob, Google's mobile advertising service.
However, before you start racking up clicks and ad revenues you'll need to take a good look at your privacy practices.
AdMob is a simple and intuitive way to monetize a mobile application with very little effort on the part of the developer. Once you indicate where and when you want the ads to occur, Google does the rest by offering the space to their network of advertisers. These ads can be personalized to the specific demographics, wants, needs, and behaviors of your users to provide the most relevant advertising experience.
Just as Google AdSense places cookies into user web browsers in order to serve personalized advertising on computers navigating the internet, AdMob places software development kits (SDKs) onto mobile devices for the same reasons.
Due to privacy regulations and Google policies, there are a few things you'll have to complete on the backend before installing AdMob and allowing it to place SDKs on mobile devices through your mobile applications.
Legal Requirements for Interest-Based Advertising
The internet is a global marketplace. This means that most international privacy regulations will apply to your business, regardless of where your physical offices are located. The following three regulations apply to almost any business that offers its services online.
The European Union (EU) General Data Protection Regulation (GDPR) requires that anyone collecting identifiable data (including device identifiers) from people within the EU must comply.
The California Online Privacy Protection Act (CalOPPA) will be enforceable for anyone who collects personal information from residents of California.
According to the Children's Online Privacy Protection Act (COPPA), it is illegal to serve behavioral advertising to children under 13 years of age.
- If your mobile app is directed to children, you cannot use AdMob's personalized advertising services.
Google Behavioral Policies
Aside from privacy laws, Google will only offer its AdMob service to businesses who comply with Google Behavioral Policies. These are Google's own guidelines for any mobile app that implements AdMob features.
3. If third-party ads are enabled in your AdMob settings, you will need to inform users about third-party advertising on your app and offer an additional opt-out link for those third-party advertisers.
Google Requirements and the GDPR
Any mobile app that enables AdMob and serves personalized advertising to people in the EU must follow relevant statutes of the GDPR regarding EU user consent and personalized advertising.
This includes the following:
- Request consent from EU residents before placing local storage (SDKs) for the purposes of advertising.
- Request specific consent for collecting, sharing, and using data for personalized advertising.
- Keep clear records of consent for each user in the EU.
- Provide instructions on how to revoke that consent.
Google provides this example of an appropriate solution for requesting consent from EU users to collect their information in order to serve personalized ads:
As mentioned above, the GDPR and Google both require you to provide users with a method to revoke their consent for personalized advertising.
Pinterest provides an easy way to do this in the Settings module of its app:
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
Still not sure how to proceed? We've put together a few examples of how other apps are preparing their Privacy Policies for AdMob advertising.
Frogmind then goes on to describe how and why it shares information with third-parties, specifically mentioning the sharing that is required for advertising. This disclosure is necessary for both GDPR and CalOPPA regulations:
Since most privacy regulations require that users be given access to view or change their personal information, this clause describes access rights:
Frogmind makes sure to state that its service is not intended for children, which complies with COPPA:
In order to meet Google's Behavioral Policies requirements, Frogmind includes a clause about personalized advertising:
Google also requires that users be provided with instructions on how to opt-out of targeted advertising. Frogmind gives them several options to do so:
Cheetah includes a long and detailed list of personal information they collect and why. Data collected for advertising is part of the list:
There's also a clause that describes user access to view or change their personal information:
To comply with COPPA and GDPR age requirements, this clause describes Cheetah's age limits:
Another summary is made of information that is shared with third-parties. It's especially important to include advertising partners in this section to meet both legal and Google policies. Links are included to an Ad Choice Policy and Ads Partners Policy:
The Advertising Choices Policy includes an informative clause about how users can opt out of interest-based advertising:
Etermax is a developer of some of the most popular mobile gaming applications. A lot of advertising happens within its free games.
The policy goes into detail describing how personal data is shared with third-party advertisers, including a mention of the anonymous identifiers that are placed on user devices for advertising purposes:
The developer makes it clear that it doesn't knowingly collect personal data from children. Since some Etermax games are targeted to children, they create zero-data environments for child users to comply with COPPA:
The developer has a simple solution for users who wish to view or change their personal data:
A few different options for opting out of personalized advertising are available, with instructions for both Android and iOS devices: