10 May 2018 (Rome, Italy) — Android developers are scrambling to change their apps after 11th hour privacy instructions from Google left them waiting on an SDK which still isn’t ready.
On 4 May, just three weeks before the deadline for implementing GDPR, Google emailed developers who use its Admob advertising system that a new consent API was being rushed in – but wasn’t quite ready yet. The new API, which allows the app to request opt-in consent from users to view ads, is to be released before “GDPR D-DAY” (25 May for those of you tracking this stuff). But developers may have a spot of bother testing the new API before that deadline, as ad serving was “not guaranteed to work correctly”, warned Google. In fact the official documentation (read by my CTO) advised devs not to test the API at all:
Please do not attempt to use these APIs before May 25, because they may disrupt ad serving on your app.
Hilarity all around. Well, ok. Not. More like confusion abounded. It wasn’t clear when the consent message would appear, or what it would look like. Could the user refuse it? What would this mean for the developer’s business model if consent was withheld? Far from being able to let the ad network take care of it, developers were plunged into legal confusion, chewing over the meaning of “valid” and “explicit” consent.
This week Google clarified things – a bit – with an employee posting on the Admob forum. At first Google said that if the user doesn’t provide the consent, “you should close the app, and again show the consent dialog on the next app launch… There should be no need to let users to continue to use the free version without any ads.”
That left most of the big issues unaddressed. Said my CTO, Eric De Grasse:
That doesn’t sound like a great user experience to me. Also who is going to consent to personalised ads above non-personalised ads, given the choice?
Not to worry! Google returned to the fray. There will be three options on the consent dialog: (1) Personalised ads, (2) Non-personalised ads, (3) Ad free. Said Google on one of the forums:
The first two constitute consent to show ads to the user (personalized or non-personalized as the case may be). The third option is up to you. As previously mentioned, a common use case will be to send the user to the store listing for the premium version of your app.
We created the Ad Technology Provider controls so that every publisher that uses our ad technology has the ability to select their preferred providers. Publishers decide which providers they want to work with and the number of vendors they want to select. If they decide not to make a selection, we will apply a list of the most commonly used providers based on those that generate the most revenue for publishers.
Except “really not very helpful” said the developers I spoke with. Google has already been criticised for passing the buck to publishers, with four trade groups accusing Google of creating a “framework more concerned with protecting your existing business model in a manner that would undermine the fundamental purposes of the GDPR and the efforts of publishers to comply with the letter and spirit of the law.”