Visiolink is launching an updated version of the GDPR pop-up in the ePaper app for iOS and Android in May 2021. We call it GDPR version 3 On web, the GDPR 3 was launched November 2020.
This article will answer all questions we have received about our GDPR solution and serves the purpose of giving you the information you need to make an assessment whether it lives up to your GDPR policies or an integration of a third-party system is better suited for you.
The solution is identical on Web, iOS and Android, with some apparent differences due to different interfaces.
For clear terminology trough this article, we will refer to data collection technologies that are in question when speaking of the GDPR as cookies. Technically, cookies are only set on websites and not in native apps like the ePaper app. In native apps, these technologies would be SDKs or alike.
Q: How does the GDPR 3 pop-up look?
A: The pop-up is ONE screen with:
- Headline (configurable)
- Text explaining the use of data (configurable)
- Category/purpose toggles with green/black color indicators plus ON/OFF wording (names of categories/purposes are configurable)
- Strictly Necessary
- Performance / Statistics
- Targeting (not present if your solution does not contain ads from Google Ad Manager or other ad systems)
- Three buttons to give or decline consent (text and color of button are configurable)
- Allow necessary
- Allow selected
- Allow all (this button is per default green, but the color can be configured)
- Information box with explanation of the categories (configurable text)
- Up to three links (text and URLs configurable)
The illustration below shows the GDPR 3.0 pop-up (final implementation might differ slightly from illustration)
Q: Which default text are displayed in the pop-up?
A: Text, translated to different languages can be seen here.
Q: When is the pop-up activated?
A: The first time the app is opened or freshly installed on a device after upgrading to the app version containing the GDPR 3.0 feature, the pop-up is shown. It is not possible to ignore the pop-up without pressing one of the buttons.
Q: What about Apples App Tracking Transparency dialog?
A: It depends on what you choose in GDPR. If you say no to tracking, it wont be displayed. If you say yes to tracking it will be displayed after the GDPR dialog.
Q: Are any cookies set before the user gives consent?
A: Only cookies categorized as “Strictly Necessary” can be set before the user gives consent. Any cookie in other categories will per default be blocked, until the user actively gives consent.
Q: Which cookies are set under the category/purpose toggles?
A: Strictly Necessary cookies cover functionality that will make the ePaper function, like the ability to save the user’s credentials, so login is not required each time the ePaper is used, and frameworks for drawing animations. These cannot be turned off.
Performance/Statistics cookies cover as default the use of Google Analytics (Web) / Firebase Analytics (iOS and Android) that collect device IDs and IP addresses (IP addresses are pseudonymized before ending up in Google Analytics). If the user declines this category, no tracking will be performed. If a custom third-party tracking system is integrated into the ePaper solution, this will also be blocked if the user declines this category.
Targeting cookies cover the use of Google Ad Manager. If the user declines this category, only non-personalized ads can be served, meaning that the AD ID (also called IDFA) is not sent to Google Ad Manager making it impossible to target the user specifically.
Q: Can we add more categories/purposes if we have further third-party integrations in our ePaper solution?
A: Yes, it is possible to add categories and connect them to a third-party SDK. This must be specified prior to an upgrade.
A: Yes. The pop-up is versioned, so it is possible to force a new version to be displayed to the user. This without resubmitting the app. On web, a consent cookie is saved with an expiry of 12 months. After 12 months, the pop-up will automatically be displayed again.
Q: Is it possible to granulate consent further allowing the user to switch each individual cookie on and off?
A: No. The default ePaper solution contains very few cookies, so we believe that the categories/purposes are sufficient for providing the users with a clear understanding of what they allow or decline. Along with the main text and the text in the information box, there should be sufficient possibility to assists the users in making a choice.
Q: Does Visiolink pick up the users’ consent and save it in any way?
A: No. Consent is only saved on the device. As consent cannot be linked to the individual user, it will not be picked up and stored anywhere else than in the app/web itself.
Q: Is consent shared across devices?
A: No. As consent is only saved on the device, it is not sharable across devices. So, if a user reads the ePaper on both a phone and a tablet, he or she will have to give consent twice.
Q: Can we track have many have given consent and how many have declined?
A: Not directly. You will be able to see a drop in your data – e.g. downloaded ePapers – before and after an upgrade, which will give you a pretty good picture of how many have declined consent.
Q: We use the User Tracking feature, where user IDs are collected in Google Analytics. Will this change the need for consent?
A: Not when it comes to the type of data you collect. These are still ordinary personal data on the same level as device IDs collected when not using the User Tracking feature.
Q: Which cookies are set on the Web platform?
Cookies if you do not use Google Ad Manager: https://support.visiolink.com/hc/en-us/articles/360017768539-Cookies-ePaper
Cookies if you use Google Ad Manager: https://support.visiolink.com/hc/en-us/articles/360017773439-Cookie-ePaper-Targeting
Q: We use an anonymous tracking method to measure pure ePaper traffic. How is that handled in the ePaper solution?
A: We do see various third-party systems that only measure ePaper usage to monitor traffic or circulation (LinkPulse, Piwik etc.). These systems can be included as necessary cookies in the consent pop-up, as long as you can guarantee that it is lawfully sustainable and no personal information of any kind is collected.
Q: How can the user reactivate the consent pop-up and change preferences?
A: The main menu in any of the three platforms contains a button called “Privacy Settings”, which will call up the consent pop-up. For iOS the button will be in the tabbar in the bottom, for Android it will be in the burger menu and on Web it is placed in the top right corner in the Desktop Web App, in the vertical menu bar in the ePaper reader, and in the bottom menu in the Fallback Reader. In the pop-up the users can renew and save their consent preferences
Q: We have webviews in our ePaper app. How do they interfere with the consent pop-up?
A: Webviews can be tricky, as any tracking, targeting or alike happening when opening a webview within the ePaper app, is not blocked by or linked to the consent choices given in the consent pop-up. If the webview leads to a site that has its own consent pop-up, it will be shown when the webview is opened. This means that the user could experience more consent pop-ups when using the app.
Q: How do users withdraw consent?
A: It is possible to withdraw consent by selecting cookie settings under the menu in the app