GDPR

Introduction

The General Data Protection Regulation (GDPR) was enacted across the European Union on May 25, 2018. These new regulations create a framework to protect personal data about individuals in the EU and must be adhered to by all businesses that collect or process such data. Failure to comply with GDPR can result in strict penalties for non-compliant companies.

As a trusted partner of leading global brands, InMobi is committed to data protection and protecting consumer privacy while creating a safe and transparent marketplace for advertisers and generating value for our publisher partners.

Complying with GDPR

If not already on the current InMobi SDK version (SDK 710 for Android, SDK 711 for iOS) or above, upgrade to the latest version here: SDK. The same applies for Mobile Web <link it with the mobile web> inventory.

If you have already signed and shared Data Protection Rider with InMobi, then no action is required here. Please proceed to Step 3.

GDPR settings under the “Compliance” Tab

1. Log in to the InMobi Publisher Dashboard and accept InMobi’s new Terms of Service (TOS). The new InMobi TOS has GDPR-related clauses.
2. If you have traffic from the EU, navigate to Compliance GDPR Settings within the Publisher Dashboard and click Allow Data Processing. If not applicable to your inventory, select Restrict Data Processing.

3. If your app falls under the age-gating requirements in GDPR, i.e. your app targets children < 16 years of age, please turn the Children's Privacy Compliance flag on within your app settings. If the app was marked for Children's Privacy Compliance, we would automatically flag the app as compliant - < 13 years for the US and < 16 years for the EU. This is valid:

   • for creating new apps/mobile websites,
   • for updating existing apps/mobile websites.
4. Upgrade your connection to the latest InMobi SDK version. For mobile web, see our Mobile Web specifications. Please reach out to your InMobi account manager for the latest API specifications.

TCF v2.2

The Transparency and Consent Framework (TCF) is the GDPR consent solution developed by the IAB Europe and industry stakeholders to create an industry standard for collecting, managing, and sharing user consent.

The TCF’s objective is to help all parties in the digital advertising chain ensure that they comply with the EU’s GDPR and ePrivacy Directive when processing personal data or accessing and/or storing information on a user’s device, such as cookies, advertising identifiers, device identifiers, and other tracking technologies.

InMobi supports TCF v2.2, the latest iteration of IAB Europe’s Transparency and Consent Framework.

TCF 2.2 introduces significant changes to the existing framework, with more information presented to users, enhanced vendor transparency, mandated disclosure of the total number of by CMPs and a simplified consent withdrawal process to align with GDPR principles.

To serve personalized ads with InMobi, the TCF consent must have the following permissions:

• InMobi Vendor id, i.e., 333 in the IAB consent string
• Standard purposes [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11] in the IAB consent string

As a publisher, it's crucial to actively work towards achieving TCF 2.2 compliance. With the implications of GDPR, buyers are looking for TCF compliant supply yielding in higher revenue for publishers. We also recommend working with a CMP that supports the TCF 2.2 framework to convert TCF 2.0 strings into TCF 2.2 strings. You can find the list of TCF 2.2-compliant CMPs here.

FAQs

Is InMobi a Data controller, Joint Controller or Data Processor?

InMobi is a Joint Controller with the Publisher.

How will InMobi collect the data?

InMobi does not gather user consent directly and will rely on the publisher to obtain appropriate consent from data subjects and pass that on to InMobi.

What will InMobi do in cases where user consent is not present?

InMobi will never collect or pass user data to an advertiser or a publisher without user consent.

What will InMobi do in cases where user consent is not present?

InMobi will never collect or pass user data to an advertiser or a publisher without user consent.

What happens if the user withdraws the consent?

Publishers must notify InMobi where consent is withdrawn or revoked, and accordingly, InMobi will honor such data subject’s request.

What happens if I am not compliant with InMobi’s GDPR solution?

For all requests originating from users who have not given consent, InMobi will serve non-targeted ads to these users.

To comply with GDPR, upgrade your SDK today.

You can read more about InMobi’s GDPR readiness here.

For any queries or concerns, you can contact your InMobi Account Manager or write us at gdprcompliance-group@inmobi.com.