For a media company, it might be important to manage consent across all websites and apps in the same system. Of that reason, we see the need for integrating third-party consent management systems in the ePaper app.
This document will outline concepts and requirements when implementing a third-party consent management system in your ePaper apps for iOS and Android and your ePaper solution for web. The purpose is to match requirements with the possibilities of the third-party system and to ease the implementation as much as possible, while complying with the GDPR.
Implementation on iOS and Android
The Visiolink ePaper solution contains as a default only the Firebase Analytics SDK which collects user data. If the app also contains interstitials and/or front screen ads served through Google Ads, it will also be able to collect targeting data and serve targeted ads through the Google Ads SDK.
To match the relatively limited level of data collection, we expect an implementation of a third-party system to granulate consent in two mandatory categories and one category depending on whether the app contains Google Ads.
- Strictly Necessary (cannot be declined)
- Performance/Statistics (Firebase Analytics)
- Targeting (Google Ads – it is still possible to serve non-targeted ads)
Please note: if the apps contain other third-party SDK integrations (typically tracking and ad services), blockers for these must be built and included in the categories above. This will affect the estimate of the project.
Following a list of requirements and considerations when integrating a third-party consent management system. Consider it a checklist for clearing basic requirements and setup with the third-party provider prior to implementation.
Basic requirements:
- Native SDKs for iOS and Android from the third-party provider must be available
- All views must be fully available from the SDK including all layout, texts etc. (typically all views are set up in the backend of the third-party system and called in the app through the SDK)
- All views should be responsive, so they are presented nicely in the apps
General restrictions:
- As data controller you are responsible that the third-party consent management solution is compliant with the GDPR (and the interpretation ruling in your area, as this can vary across regions)
- Any changes after submit of the apps (e.g. new version of iOS/Android, new version of the third-party SDK, new interpretation of the GDPR) which require additional work or app upgrades are not included in the cost of the original implementation of the third-party system nor the running costs
- We expect you to be the main contact between the third-party provider and Visiolink, this includes providing SDKs, proper documentation and setting up meetings if necessary.
Implementing a third-party consent management system in your ePaper web solution
Implementing a third-party consent management system on the ePaper solution for web, will usually succeed with the implementation of two scripts:
- One script will show a popup with cookie preferences when the user enters the ePaper for the first time
- One script will show the same popup with cookie preferences when the user clicks a menu button in the interface
Following is a list of requirements when implementing a third-party consent management system on your ePaper on web:
Basic requirements:
- All views must be fully available from the third-party service including all layout, texts etc. (typically all views are set up in the backend of the third-party system and called from the web reader through the script)
- The third-party service should scan the ePaper domain for cookies and provide the user with a list of either individual cookies or cookie categories
- If the user blocks the usage of individual cookies or cookie categories, the third-party service should be able to prevent the cookies from being set
General restrictions:
- As data controller you are responsible that the third-party consent management solution is compliant with the GDPR (and the interpretation ruling in your area, as this can vary across regions)
- Any changes after implementation in the web solution (e.g. update of scripts) which require additional work are not included in the cost of the original implementation of the third-party system nor the running costs
- We expect you to be the main contact between the third-party provider and Visiolink, this includes providing scripts, proper documentation and setting up meetings if necessary.
Visiolink is developing an updated consent solution
Visiolink is developing an update of their standard GDPR feature for Web, iOS and Android giving the user the possibility to accept or decline data collection in three categories; Strictly Necessary (cannot be declined), Performance/Statistics (Firebase Analytics) and Targeting (if the app uses Google Ads). We will update with further information as soon as possible.
Comments