Data Privacy Regulations
Explore the guidelines below to ensure best practices when using the X3M SDK to comply with Data Privacy and Child-Directed regulations, including GDPR, CCPA, COPPA, and other relevant standards.
Use of Personal Information
In adherence to data privacy regulations, avoid transmitting personal user information (such as age, gender, etc.) through the custom user properties initialization option (see InitSettings/UserProperties/CustomProperties). Please be aware that X3M disclaims responsibility for managing such information for users identified as children, as this could potentially violate existing regulations
Integrate with a Consent Management Platform (CMP)
Option 1: Enable CMP Automation
X3M provides a mechanism for automating the integration with Google's User Messaging Platform. To enable this feature, set the flag isCMPAutomationEnabled to true:
This will prompt the user for consent only when required, and continue with the SDK initialization after the signals have been collected.
Display a Privacy Settings button inside your app
To give users the option to change their consent during the session, you may want to display a button in your app's settings when a form is available. X3M's SDK provides the following methods to achieve this:
if (XMediatorAds.getCMPProvider().isPrivacyFormAvailable(context)) {
// ... display the privacy settings form button
}
// [...]
XMediatorAds.getCMPProvider().showPrivacyForm(activity, error -> {
if (error != null) {
Log.d("PrivacyForm", "Error: $error");
}
Log.d("PrivacyForm", "showPrivacyForm complete!");
return Unit.INSTANCE;
});
Debug your integration
When using the CMP Automation feature, you can use the following methods to debug your integration:
// Configure a Debug Geography to trigger Privacy Form display
XMediatorAds.startWith(
activity = activity,
appKey = "<your-app-key>",
initSettings = InitSettings(
consentInformation = ConsentInformation(
isCMPAutomationEnabled = true,
cmpDebugSettings = CMPDebugSettings(
cmpDebugGeography = CMPDebugGeography.EEA // Available options: Disabled, EEA and NotEEA
)
)
),
initCallback = { result -> }
)
// Clear the collected consent signals from the device
XMediatorAds.CMPProvider.reset(context)
// Configure a Debug Geography to trigger Privacy Form display
XMediatorAds.startWith(
activity,
"<your-app-key>",
new InitSettings.Builder()
.setConsentInformation(new ConsentInformation(
null,
null,
null,
isCMPAutomationEnabled,
new CMPDebugSettings(
CMPDebugGeography.EEA.INSTANCE // Available options: Disabled, EEA and NotEEA
)))
.build(),
initResult -> {
return Unit.INSTANCE;
}
);
// Clear the collected consent signals from the device
XMediatorAds.getCMPProvider().reset(context);
Option 2: Custom integration with a CMP
Another option is to integrate your app or game directly with the CMP, without relying on X3M's automation. The recommended workflow is as follows:
- First, request the CMP to update the consent requirements for the user.
- If the consent has been granted on a previous session, continue with X3M's initialization without waiting for the requirements update, in order to reduce latency.
- Wait for the consent requirements update request to complete.
- Launch the CMP's privacy form if available and await for its completion.
- Then, initialize X3M's XMediator SDK, and wait for the initialization callback to complete.
- By this point, you can start requesting ads.
This approach ensures that all required consent signals are collected before the ad mediation begins.
Info
For specific instructions on how to implement this workflow using your chosen CMP, please refer to its official documentation.
Consent Information API
XMediator provides a mechanism to forward the user consent to each advertising partner.
For more information about the data privacy regulations that may apply to your product please refer to IAB's Standards. Please note that XMediator is not a replacement to a Consent Management Platform. If you wish to integrate one please refer to IAB's authorized CMP list.
Manage user consent
To indicate whether the user has given consent to be served personalized ads please use the hasUserConsent flag as shown below:
GDPR Consent for European Economic Area Users
Integration considerations:
- Please note that XMediator does not generate a GDPR Consent String (see Consent String and Vendor List Format) as using a CMP would. Some ad sources may still require you to integrate a CMP in order to serve ads to european users.
- If the user is not affected by EU's GDPR you should avoid setting these flags as it may have a negative effect on the ad mediation performance.
For more information on X3M's approach to GDPR please reach out to us.
Opt-out of sale flag
You can use this flag to indicate whether the user has opted out of the sale of their personal information.
If the user does not opt out, please set the doNotSell flag as shown below:
CCPA Data Privacy Regulation
Integration considerations:
- If the user is not affected by California's CCPA you should avoid setting these flags as it may have a negative effect on the ad mediation performance.
For more information on X3M's approach to CCPA please reach out to us.
Child directed flag
You can use this flag to indicate whether the user must be treated as a child. To do this, set the isChildDirected flag as shown below:
COPPA Regulation
Integration considerations:
- If the user is not subject to the Children's Online Privacy Protection Rule you should avoid setting these flags as it may have a negative effect on the ad mediation performance.
For more information on how X3M complies with COPPA, please visit the COPPA Compliance Guidelines for Apps on X3M Platform