GDPR will go into effect on Friday. Here are a few reminders to help you get ready!

How does GDPR impact mobile app advertising?

Under GDPR, the use of mobile advertising IDs and other personal data will be restricted to users who have explicitly given their consent. In the mobile app environment, the IDFA / Advertising ID / Lat-long are the typical types of personal data that will require consent from the user before being processed by any vendor.

The consent information needs to be stored and transmitted throughout the advertising ecosystem as presented in the illustration below.


Source, IAB Europe, Presentation, March 8th 2018

What is “consent” according to GDPR?

Key principles

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

-The data subject has the right to withdraw his or her consent at any time

-The controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data

What GDPR solutions and guidelines has the IAB published?

The IAB has released the Advertising Industry’s Transparency & Consent Framework, which provides a technical industry solution allowing website operators and mobile app providers to

-Control the vendors they wish to allow to access their users’ browsers or apps and process their personal data, and disclose these choices to other parties in the online advertising ecosystem

-Seek user consent under the ePrivacy Directive (for setting cookies or similar technical applications that access information on a device) and/or the GDPR in line with applicable legal requirements, and signal the consent status through the online advertising ecosystem

In that regard, the IAB framework recommends actors implement a Consent Management Provider (CMP). A CMP provides publishers and advertisers with a mechanism to obtain consent, and then control which third-party vendors can request consent to track users of their websites and apps.

How can app developers comply with GDPR within the Framework of the IAB ?

iOS apps

Choose a CMP. The list of IAB approved CMPs is here.


Upgrade application advertising SDK.

For Smart customers: Display SDK version 6.9 & Instream video SDK version 1.2.0

Before May 25th 

Android apps

Choose a CMP. The list of IAB approved CMPs is here.


Before May 25th 

Where can you find the Smart Open Source Mobile CMP? 


Android CMP

What are the risks for app publishers who DON’T implement a CMP and DON’T collect consent for each vendor involved?

The CMP aims at providing a complete solution to ensure full compliance with GDPR by enabling user consent management for every involved vendor. Publishers need to be aware of that when making their choice (or when implementing their consent management solution).

Our legal manager Karine Laye shares the following insight:

“When a publisher acts as Data “controller”, he is responsible for the collection of a valid consent, explicit and freely given from its users. Every user should then be able to freely accept the processing of their  data by being clearly informed. The user has the right to know who accesses their data, and for what purposes. A user shouldn’t accept that http calls containing its user identifier are transmitted to all third party partners of a single vendor without being previously informed by the publisher. This topic is particularly sensitive for mobile apps because mobile user ID are more persistent than cookies.”