Categories
Apps News Privacy

Android Developers Can Use Google AdMob And Comply With GDPR

Google is asking app developers who publish apps on its play store to obtain consent for data use and for ad personalisation through its AdMob platform. 

Due to the coming GDPR legislation which comes into effect on the 25th of May. Any business based in the EU will need to gain opt-in consent to collect or use any of their user’s personal data. 

This news places the responsibility of obtaining consent for Google’s services that are running in the background (such as AdMob targeting) on the shoulders of the publishers. Android developers are expecting to see some kind of software kit to help them obtain and manage this consent. As of now, and up until the new legislation kicks in, Google has not announced any SDK or toolkit that could solve this headache for Android developers. 

Many developers lacking the time or manpower to create such a kit are weighing up their options ahead of the legislation. Some have even hinted at switching of these third-party services for users int eh EU. 

 

The problem

Breaches of the legislation carry with it the threat of huge fines. User consent has always been an issue for app publishers. Creating a solution for obtaining consent and then managing this consent is no easy feat. Integrating this consent with third-party integrations (such as advertising solutions) adds another layer of complexity. 

For Android developers, the problem is a little more pressing as AdMob revenue is what keeps them afloat. Developers may find themselves stuck between a rock and hard place – turning off AdMob would instantly create a big hole in their revenue. However, keeping it on and exposing themselves to potentially destructive fines doesn’t seem like a viable option either. 

 

So what’s the solution?

With the right toolkit developers wouldn’t have to change their business model too much. Letting users opt out of ads might lose some revenue but it’s a necessary step to take to comply with the changing mood around privacy and transparency. 

Controlling user data in a responsible way makes sense because it builds trust and in the long term it will be beneficial for developers. 

Luckily for developers, there’s a toolkit that is addressing this problem. Via a dedicated SDK app, publishers can continue to use third-party ad integrations, such as AdMob. The toolkit obtains and manages user consent to help developers comply with regulations such as GDPR.

As well as this the toolkit will sync user consent across devices. All consent preferences are stored in a secure audit trail so that developers can call on consent history of their users. The audit trail also contains information on consent preferences that have been replayed to third parties. In the AdMob example when a user opts out of personalised ads in their app the consent SDK will relay this to Google. The audit will register this along with a timestamp and other relevant details.

The SDK provides this functionality for first-party app features as well as third-party integrations. It’s a comprehensive toolkit to take control of your user consent. 

This toolkit doesn’t need to only apply for Admb or even android. A wider conversation about the role of consent in mobile applications needs to be had. Developers should look at how consent is obtained, managed and communicated to third parties. 

Complying with GDPR is a shortsighted approach. Developers need to put their users first and think about how they can put these users back in control of their data.

[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”50px” bottom_margin=”20px”]

Get free early access to the consent toolkit 

We’ll get you set up for free as soon as it’s launched. 

[mkdf_button size=”” type=”” text=”Get started” custom_class=”” icon_pack=”font_awesome” fa_icon=”” link=”/contact-app” target=”_self” color=”” hover_color=”” background_color=”” hover_background_color=”” border_color=”” hover_border_color=”” font_size=”” font_weight=”” margin=””]
 
[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”20px” bottom_margin=”0px”]
 
Categories
News

Tamoco’s Full Response To Questions On Articles Published In NRK

In recent weeks, Norway’s state broadcaster, “NRK” has published a number of stories around a geo-location dataset they purchased from Tamoco in November 2019. NRK told us repeatedly this data would be used for urban planning – to understand the “correlation between peoples movement patterns and the public transit/urban planning developments being performed by local and national entities”. We double-checked this with NRK before selling them the data but NRK had no intention of ever using the data for this purpose.

Instead, this data was used to present a number of misleading claims about how we operate and to present and share opinions that present a very limited and unbalanced view of how location data is used and what Tamoco’s role is within this space. We have always been fully transparent on the industry and how we work. We were shocked that a reputable news organisation would need to use deception when we have openly discussed what we do with major media outlets many, many times. In the interests of full transparency, we have published, in full, the answers to questions we have received. Our aim is to be allow people to make up their own minds based on the full picture. Most of media reports on this – using old-school “gotcha” journalism – present only one side of the story. This is unfair to all parties – most of all viewers and readers.

Tamoco has been in contact with both NRK in Norway and DR in Denmark but is publishing its full, unedited response to the questions raised on these claims:

 

NRK: The Norwegian Consumer Council says that the data sold by Tamoco is “without doubt” obtained illegally due to the lack of informed consent. The organization explicitly mentions that consumers cannot know to whom their personal data is shared when consenting. How do you respond to these claims?

Tamoco: This isn’t true. We source data directly from app publishers, their partners, or SDK’s integrated into apps. They’re required to provide explicit consent from their users. Consents are managed by those publishers who provide assurances that they comply with relevant laws and regulations.

 

NRK: What precautions have you made to ensure that personal data is not misused?

Tamoco: Tamoco uses standard mobile advertising identifiers IDFA (Android) or AAID (Apple), but it’s critical to understand these DO NOT identify individuals – only a device. Identifiers can easily be changed (in phone settings), meaning they’re not fixed to an individual.

We vet customers carefully demanding information on where data is used. We sell data on a legitimate basis for a bonafide purpose. We do so in good faith that the buyer will respect laws and regulations. NRK was deceptive in pretending it was using our data for urban planning. When we challenged NRK over its use, it provided fake maps. In our view, NRK has breached its own code of ethics because the way Tamoco works is already widely in the public domain. NRK did not need to use deception.

NRK contravened the way in which the data was meant to be used, and the reality is many large anonymized datasets sold by major firms like Uber, Strava, or TomTom can be taken apart and engineered in precisely the same way.

 

NRK: Tamoco lists products and services using location data for purposes other than those mentioned in Tamoco’s privacy policy? Why are these purposes not mentioned in your privacy policy?

Tamoco: Although nothing requires them to match, our privacy policy is very clear:

“We analyze, segment, and categorize the data provided by our customers, clients, and partners for the purposes of providing accurate and relevant content and advertising across devices and to analyze the effectiveness of these advertising campaigns. The data is also used to provide relevant advertising to mobile devices.”

We’ve always been fully transparent. We use location data for various functions across statistical analysis, research, and machine learning on top of personalized advertising. Again, it’s important that people understand that many critical functions in our lives depend on large datasets being analyzed – such as urban planning.

We welcome feedback to help improve the clarity of our privacy policy and are happy to update it. To go further, we are undertaking an internal review of our policies to ensure they can be as clear as possible. For the avoidance of doubt, nothing about the way Tamoco uses the data is unusual, illegal, or unique. There are many companies, such as Foursquare, Unacast, and Fysical, that all use similar data for similar products and services.

In respect of this particular story, most phone users understand how location services in apps work. We agree there’s a debate to be had around whether all apps are clear on permissions, but many NRK viewers will ask why any working in the armed forces did not think twice about using apps that clearly use location data.

 

NRK: The Norwegian Data Protection Authority is opening an investigation into Tamoco. They seek to work together with the UK Data Protection Authority (ICO). What is your comment?

Tamoco: We’ve launched our own internal investigation into data provided to us and will comply fully with any external investigations from Norwegian or British regulators. We have also been very open with the media around what we do.

 

NRK: In response to NRK’s first article, Tobias Judin of the Norwegian Data Protection Authority described the sale of Norwegians location data as a “very severe” matter. How do you respond to this characterization?

Tamoco: Let’s be clear – NRK obtained data from us by deception, then decompiled and decrypted it for an illegal use. This is a very severe matter, but like any intermediary, while it’s fair to hold us to account for doing everything possible to ensure the quality of the product we sell, we sit between the party supplying data and the party using it. If the user is doing illegal things beyond our control, then it’s unfair to blame us if there are no reasonable steps we could have taken.

We employ our best efforts to ensure compliance with regulations as much as possible, however balanced reporting must consider the role of those parties who collect data and those who take it from us to use. NRK viewers may question why a national broadcaster used deception where it could have walked through the front door and asked questions.

We do take data privacy seriously, but the regulation and enforcement of these rules must be omnipresent for things to work as intended. While it makes things easier for the media, you cannot merely apply rules to one party.

 

NRK: The Minister of Regional Development and Digitalisation in Norway, Linda Hofstad Helleland, says that the sale of location data is ethically unacceptable. How do you respond to this claim?

Tamoco: Location data, like any other data set, has the possibility to be misused by bad actors, but has perfectly legitimate and ethically positive use cases which unfortunately go unreported by the media.

Dissemination, decoupling, or decryption of this data is indeed unacceptable and is not a process Tamoco has or ever will employ. NRK felt that for the purposes of their investigation, they would themselves commit an ethically unacceptable act, including breaching their own journalistic code of ethics to prove a point that no responsible company in the industry would do. NRK used deceptive tactics to obtain data for a legitimate use case they actually had no intent of pursuing. It did this to create a story around their own misuse of data and it has attempted to give the impression they were able to ‘trick’ Tamoco – a company that has spoken publicly about its business and products for several years.

It is also very important to distinguish between location data types. We agree that there is limited rationale for persistent and invasive tracking; receiving 10,000 location points from a phone per day is excessive and unnecessary in 98% of use cases. It is also not something that Tamoco uses. However, measuring important points in a journey such as a visit to a shop or when someone starts or stops a journey is necessary, and some would argue essential in the pursuit of building better products and services. In this regard, location data is an accurate and powerful signal for advertisers, researchers, analysts, and more as an aggregated data set. It helps with such a wide range of applications from city planning to contact tracing, advertising to analytics.

 

NRK: Based on data from Tamoco and open sources like Facebook, NRK could identify several individuals, amongst them military personnel. What do you think about that?

Tamoco: The data is not able to, on its own, identify any individual person, nor should it be reverse engineered or decrypted in the pursuit of this kind of use. We work with firms around the world and focus on measuring data around consumer “points of interest” such as shops, attractions, and destinations. We do not store any sensitive or restricted places in our database and thus do not measure these places, meaning that anyone who had access to the data would have to misuse it and combine it with other data sources, in order to expose any potential correlations around these locations.

Tamoco takes privacy concerns very seriously and is committed to working to ensure that consumers can control their data. We have launched an internal audit into our data providers and the way in which this data has been used, and will not hesitate to immediately end relationships with any providers who have failed to comply with all appropriate regulation and legislation.

Tamoco is happy to work with any data protection organization that has concerns about how data may be used and we welcome any recommendations to improve processes.