Visiolink is launching an updated version of the GDPR pop-up in the ePaper app for iOS and Android in May 2021. We call it GDPR version 3.0. On web, the GDPR 3.0 was launched November 2020.
This article will answer all questions we have received about our GDPR solution and serves the purpose of giving you the information you need to make an assessment whether it lives up to your GDPR policies or an integration of a third-party system is better suited for you.
The solution is identical on Web, iOS and Android, with some apparent differences due to different interfaces.
For clear terminology trough this article, we will refer to data collection technologies that are in question when speaking of the GDPR as cookies. Technically, cookies are only set on websites and not in native apps like the ePaper app. In native apps, these technologies would be SDKs or alike.
Q: How does the GDPR 3.0 pop-up look?
A: The pop-up is ONE screen with:
- Headline (configurable)
- Text explaining the use of data (configurable)
- Category/purpose toggles with green/black color indicators plus ON/OFF wording (names of categories/purposes are configurable)
- Strictly Necessary
- Performance / Statistics
- Targeting (not present if your solution does not contain ads from Google Ad Manager or other ad systems)
- Three buttons to give or decline consent (text and color of button are configurable)
- Allow necessary
- Allow selected
- Allow all (this button is per default green, but the color can be configured)
- Information box with explanation of the categories (configurable text)
- Up to three links (text and URLs configurable)
The illustration below shows the GDPR 3.0 pop-up (final implementation might differ slightly from illustration)
Q: Which default text are displayed in the pop-up?
A: The default texts suit most solutions, but not all. Therefore, it is important that you evaluate if it is suited to your solution.
Headline: Privacy Settings
Main text: We and our partners (e.g. Google) use tracking tools to measure how and how much the ePaper is used. We do this to analyze reach of our journalistic content and to improve the user experience of the solution. Your data might be used to analyze usage patterns and to serve targeted ads relevant to you. Data collected include IP adresses or device ID.
Consent is voluntary, and you can set your preferences below. You can at any time withdraw your consent from the Privacy Settings menu.
Necessary cookies are necessary for the website or app to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. These cookies do not store any personally identifiable information.
Performance / Statistics cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Q: When is the pop-up activated?
A: The first time the app is opened or freshly installed on a device after upgrading to the app version containing the GDPR 3.0 feature, the pop-up is shown. It is not possible to ignore the pop-up without pressing one of the buttons.
Q: Are any cookies set before the user gives consent?
A: Only cookies categorized as “Strictly Necessary” can be set before the user gives consent. Any cookie in other categories will per default be blocked, until the user actively gives consent.
Q: Which cookies are set under the category/purpose toggles?
A: Strictly Necessary cookies cover functionality that will make the ePaper function, like the ability to save the user’s credentials, so login is not required each time the ePaper is used, and frameworks for drawing animations. These cannot be turned off.
Performance/Statistics cookies cover as default the use of Google Analytics (Web) / Firebase Analytics (iOS and Android) that collect device IDs and IP addresses (IP addresses are pseudonymized before ending up in Google Analytics). If the user declines this category, no tracking will be performed. If a custom third-party tracking system is integrated into the ePaper solution, this will also be blocked if the user declines this category.
Targeting cookies cover the use of Google Ad Manager. If the user declines this category, only non-personalized ads can be served, meaning that the AD ID (also called IDFA) is not sent to Google Ad Manager making it impossible to target the user specifically.
Q: Can we add more categories/purposes if we have further third-party integrations in our ePaper solution?
A: Yes, it is possible to add categories and connect them to a third-party SDK. This must be specified prior to an upgrade.
A: Yes. The pop-up is versioned, so it is possible to force a new version to be displayed to the user. This without resubmitting the app. On web, a consent cookie is saved with an expiry of 12 months. After 12 months, the pop-up will automatically be displayed again.
Q: Is it possible to granulate consent further allowing the user to switch each individual cookie on and off?
A: No. The default ePaper solution contains very few cookies, so we believe that the categories/purposes are sufficient for providing the users with a clear understanding of what they allow or decline. Along with the main text and the text in the information box, there should be sufficient possibility to assists the users in making a choice.
Q: Does Visiolink pick up the users’ consent and save it in any way?
A: No. Consent is only saved on the device. As consent cannot be linked to the individual user, it will not be picked up and stored anywhere else than in the app/web itself.
Q: Is consent shared across devices?
A: No. As consent is only saved on the device, it is not sharable across devices. So, if a user reads the ePaper on both a phone and a tablet, he or she will have to give consent twice.
Q: Can we track have many have given consent and how many have declined?
A: Not directly. You will be able to see a drop in your data – e.g. downloaded ePapers – before and after an upgrade, which will give you a pretty good picture of how many have declined consent.
Q: We use the User Tracking feature, where user IDs are collected in Google Analytics. Will this change the need for consent?
A: Not when it comes to the type of data you collect. These are still ordinary personal data on the same level as device IDs collected when not using the User Tracking feature.
Q: Which cookies are set on the Web platform?
Cookies if you do not use Google Ad Manager: https://support.visiolink.com/hc/en-us/articles/360017768539-Cookies-ePaper
Cookies if you use Google Ad Manager: https://support.visiolink.com/hc/en-us/articles/360017773439-Cookie-ePaper-Targeting
Q: We use an anonymous tracking method to measure pure ePaper traffic. How is that handled in the ePaper solution?
A: We do see various third-party systems that only measure ePaper usage to monitor traffic or circulation (LinkPulse, Piwik etc.). These systems can be included as necessary cookies in the consent pop-up, as long as you can guarantee that it is lawfully sustainable and no personal information of any kind is collected.
Q: How can the user reactivate the consent pop-up and change preferences?
A: The main menu in any of the three platforms contains a button called “Privacy Settings”, which will call up the consent pop-up. For iOS the button will be in the tabbar in the bottom, for Android it will be in the burger menu and on Web it is placed in the top right corner in the Desktop Web App, in the vertical menu bar in the ePaper reader, and in the bottom menu in the Fallback Reader. In the pop-up the users can renew and save their consent preferences
Q: We have webviews in our ePaper app. How do they interfere with the consent pop-up?
A: Webviews can be tricky, as any tracking, targeting or alike happening when opening a webview within the ePaper app, is not blocked by or linked to the consent choices given in the consent pop-up. If the webview leads to a site that has its own consent pop-up, it will be shown when the webview is opened. This means that the user could experience more consent pop-ups when using the app.