This article will answer all questions we have received about our GDPR solution and serves the purpose of giving you the information you need to make an assessment whether it lives up to your GDPR policies or an integration of a third-party system is better suited for you.
For clear terminology through this article, we will refer to data collection technologies which are in question when speaking of the GDPR as cookies. Technically, cookies are only set on websites and not in native apps like the ePaper app. In native apps, these technologies would be SDKs or alike.
Q: How does the GDPR 3 pop-up look?
A: The pop-up is ONE screen with:
- Headline (configurable)
- Text explaining the use of data (configurable)
- Category/purpose toggles with green/black color indicators plus ON/OFF wording (names of categories/purposes are configurable)
- Strictly Necessary
- Performance / Statistics
- Targeting (only present on android if your solution Ad systems using IDFA or if you share user ids with external partners. On iOS Targeting is not shown as a toggle, but as a pop up provided by Apple: App Tracking Transparency)
- Buttons to give or decline consent (text of button are configurable, color is brand color)
- Allow necessary
- Allow selected (only present on android)
- Allow all
- Information box with explanation of the categories (configurable text)
- Up to three links (text and URLs configurable)
The illustrations below show the GDPR 3.0 pop-up. Buttons use brand color.
GDPR3 on Android
Q: Which default text is displayed in the pop-up?
A: Text, translated to different languages can be seen here.
GDPR3 on iOS
Q: When is the pop-up activated?
A: The first time the app is opened or freshly installed on a device after upgrading to the app version containing the GDPR 3.0 feature, the pop-up is shown. It is not possible to ignore the pop-up without pressing one of the buttons.
Q: What about Apples App Tracking Transparency dialog?
A: It depends on what you choose in GDPR. If you say no to "Performance/Statistics", it won't be displayed. If you say yes to "Performance/Statistics", it will be displayed after the GDPR dialog.
The App Tracking Transparency pop up looks like this:
Read more about App Tracking Transparency here
Q: Are any cookies set before the user gives consent?
A: Only cookies categorized as “Strictly Necessary” can be set before the user gives consent. Any cookie in other categories will per default be blocked, until the user actively gives consent.
Q: Which cookies are set under the category/purpose toggles?
A: Strictly Necessary cookies cover functionality which will make the ePaper function, like the ability to save the user’s credentials, so login is not required each time the ePaper is used, and frameworks for drawing animations. These cannot be turned off.
Performance/Statistics cookies cover as default the use of Google Analytics (Web) / Google Analytics 4 (iOS and Android) collecting device IDs and IP addresses (IP addresses are pseudonymized before ending up in Google Analytics). If the user declines this category, no tracking will be performed. If a custom third-party tracking system is integrated into the ePaper solution, this will also be blocked if the user declines this category.
Targeting cookies cover the use of Google Ad Manager and if user tracking is shared with external partners. If the user declines this category, only non-personalized ads can be served, meaning that the AD ID (also called IDFA) is not sent to Google Ad Manager making it impossible to target the user specifically - and user IDs will not be sent collected or sent to Google Ad Manager
Q: Can we add more categories/purposes if we have further third-party integrations in our ePaper solution?
A: Yes and no. It is possible to add more categories and connect them to a third-party SDK. However, Visiolink only has three categories, we can use for cookies: Necessary cookies, Performance/Statistics and Targeting.
A: Yes. The pop-up is versioned, so it is possible to force a new version to be displayed to the user. This without resubmitting the app. On web, a consent cookie is saved with an expiry of 12 months. After 12 months, the pop-up will automatically be displayed again.
Q: Is it possible to granulate consent further allowing the user to switch each individual cookie on and off?
A: No. The default ePaper solution contains very few cookies, so we believe that the categories/purposes are sufficient for providing the users with a clear understanding of what they allow or decline. Along with the main text and the text in the information box, there should be sufficient possibility to assists the users in making a choice.
Q: Does Visiolink pick up the users’ consent and save it in any way?
A: No. Consent is only saved on the device. As consent cannot be linked to the individual user, it will not be picked up and stored anywhere else than in the app/web itself.
Q: Is consent shared across devices?
A: No. As consent is only saved on the device, it is not sharable across devices. So, if a user reads the ePaper on both a phone and a tablet, he or she will have to give consent twice.
Q: Can we track how many have given consent and how many have declined?
A: Not directly. You will be able to see a drop in your data – e.g. downloaded ePapers – before and after an upgrade, which will give you a pretty good picture of how many have declined consent.
Q: We use the User Tracking feature, where user IDs are collected in Google Analytics. Will this change the need for consent?
A: Not when it comes to the type of data you collect. These are still ordinary personal data on the same level as device IDs collected when not using the User Tracking feature.
Q: Which cookies are set on the Web platform?
Cookies if you do not use Google Ad Manager: https://support.visiolink.com/hc/en-us/articles/360017768539-Cookies-ePaper
Cookies if you use Google Ad Manager: https://support.visiolink.com/hc/en-us/articles/360017773439-Cookie-ePaper-Targeting
Q: We use an anonymous tracking method to measure pure ePaper traffic. How is that handled in the ePaper solution?
A: We do see various third-party systems which only measure ePaper usage to monitor traffic or circulation (LinkPulse, Piwik etc.). These systems can be included as necessary cookies in the consent pop-up, as long as you can guarantee that it is lawfully sustainable and no personal information of any kind is collected.
Q: How can the user reactivate the consent pop-up and change preferences?
A: The main menu in any of the three platforms contains a button called “Privacy Settings”, which will call up the consent pop-up. For iOS the button will be in the tabbar at the bottom, for Android it will be in the burger menu and on Web it is placed in the top right corner in the Desktop Web App, in the vertical menu bar in the ePaper reader, and in the bottom menu in the Fallback Reader. In the pop-up the users can renew and save their consent preferences
Q: We have webviews in our ePaper app. How do they interfere with the consent pop-up?
A: Webviews can be tricky, as any tracking, targeting or alike happening when opening a webview within the ePaper app, is not blocked by or linked to the consent choices given in the consent pop-up. If the webview leads to a site having its own consent pop-up, it will be shown when the webview is opened. This means that the user could experience more consent pop-ups when using the app.
Q: How do users withdraw consent?
A: It is possible to withdraw consent by selecting cookie settings under the menu in the app