data privacy and consent
/*
Title: Privacy consent and data APIs
Sort: 1
*/
Unity Ads provides built-in solutions for acquiring user consent to data collection and processing, as well as developer APIs for passing a flag should you wish to implement your own consent flow. Unity offers two options for privacy consent that can be adjusted by your Unity contact:
- Unity consent, which requires the user to explicitly agree to using their data for the personalized ads as well as game personalization and measurement. This is the default setting for all developers.
- Developer consent, which allows a developer to use their own or a third-party consent API to collect and manage user consent. This setting must be enabled by your Unity contact.
If you enable developer consent through your Unity contact, this information must be provided upon initialization and in totality per the region of the impression and user. If any required consent for a region is not provided, Unity assumes the user has not provided consent.
Example: If a user is in the European Economic Area (EEA), which requires GDPR consent, and you have chosen developer consent as your desired privacy consent option but do not provide an explicit true/false value via Unity’s MetaData API, Unity assumes your user does not allow for tracking across applications.
Some regions may require consent to collect personal data by law, most notably under GDPR and PIPL regulations, and others may require end-user notice and the opportunity to opt-out, most notably under CCPA regulations. However, consent and opt-out requirements extend beyond these use cases and should be applied in any region that requires it. By using these APIs as opposed to using Unity’s consent option, you are taking responsibility for providing this consent correctly and for all regions. You cannot set different privacy consent settings for different regions.
Typically when a user does not consent to, or opts out of data collection and processing under a privacy regulation (for example GDPR, CCPA, or PIPL), this will limit the data available about your users and will likely impact your revenue.
Note: Developers are not required to implement their own consent, but enabling developer consent ensures that the Unity consent will never appear for the configured game.
Below you will find the API classes that allow you, the developer, to provide consent statuses for your users.
Starting November 1, 2021, China’s PIPL policy will be enforced for users in mainland China.
Unity recommends that you update to the latest version of the SDK, but it is not required for PIPL compliance. Legacy versions (below version 2.0) of the SDK now only serve contextual ads to users, strictly based on geographic location and current gameplay. No historical or personal data is used for ad targeting, including user behavior within the app and across other apps, or installs.
Versions 2.0 and higher automatically present affected users with an opportunity to opt in to targeted advertising, with no implementation needed from the publisher. On a per-app basis, the first time a Unity ad appears, the user sees a banner with the option to opt in to behaviorally targeted advertising. Thereafter, the user can click an information button to manage their privacy choices.
If a publisher or mediator manually requests a user opt-in by having their account manager enable "Developer Consent" in the Monetize Dashboard, the Unity opt-in will not appear. Please note that users can still request opt-out or data deletion, and access their data at any time by tapping the Unity Data Privacy icon when or after an ad appears.
Use the following API to pass the appropriate consent flags to the Unity Ads SDK:
// If the user opts in to sending their personal identifiable information outside of China:
MetaData piplMetaData = new MetaData("pipl");
piplMetaData.Set("consent", "true");
Advertisement.SetMetaData(piplMetaData);
// If the user opts in to targeted advertising:
MetaData privacyMetaData = new MetaData("privacy");
privacyMetaData.Set("consent",
"true");
Advertisement.SetMetaData(privacyMetaData);
// If the user opts out of sending their personal identifiable information outside of China:
MetaData piplMetaData = new MetaData("pipl");
piplMetaData.Set("consent", "false");
Advertisement.SetMetaData(piplMetaData);
// If the user opts out of targeted advertising:
MetaData privacyMetaData = new MetaData(this);
privacyMetaData.set("privacy.consent", false);
privacyMetaData.commit();
Note: You must commit the changes to the MetaData object for each value before trying to set another value. You must also provide consent for sending a user's personal identifiable information outside of China and to targeted advertising for PIPL. The second parameter is an object (a string in this example); using a boolean value will result in an error.
// If the user opts in to sending their personal identifiable information outside of China:
UADSMetaData *piplConsentMetaData = [[UADSMetaData alloc] init];
[piplConsentMetaData set:@"pipl.consent" value:@YES];
[piplConsentMetaData commit];
// If the user opts in to targeted advertising:
UADSMetaData *privacyConsentMetaData = [[UADSMetaData alloc] init];
[privacyConsentMetaData set:@"privacy.consent" value:@YES];
[privacyConsentMetaData commit];
// If the user opts out of sending their personal identifiable information outside of China:
UADSMetaData *piplConsentMetaData = [[UADSMetaData alloc] init];
[piplConsentMetaData set:@"pipl.consent" value:@NO];
[piplConsentMetaData commit];
// If the user opts out of targeted advertising:
UADSMetaData *privacyConsentMetaData = [[UADSMetaData alloc] init];
[privacyConsentMetaData set:@"privacy.consent" value:@NO];
[privacyConsentMetaData commit];
Note: You must commit the changes to the MetaData for each value before trying to set another value. You must also provide consent for sending their personal identifiable information outside of China and to targeted advertising for PIPL.
// If the user opts in to sending their personal identifiable information outside of China:
MetaData piplMetaData = new MetaData(this);
piplMetaData.set("pipl.consent", true);
piplMetaData.commit();
// If the user opts in to targeted advertising:
MetaData privacyMetaData = new MetaData(this);
privacyMetaData.set("privacy.consent", true);
privacyMetaData.commit();
// If the user opts out of sending their personal identifiable information outside of China:
MetaData piplMetaData = new MetaData(this);
piplMetaData.set("pipl.consent", false);
piplMetaData.commit();
// If the user opts out of targeted advertising:
MetaData privacyMetaData = new MetaData(this);
privacyMetaData.set("privacy.consent", false);
privacyMetaData.commit();
Note: You must commit the changes to the MetaData for each value before trying to set another value. You must also provide consent for sending their personal identifiable information outside of China and to targeted advertising for PIPL.
If the user takes no action to agree or disagree to targeted advertising (for example, closing the prompt), Unity recommends re-prompting them at a later time.
Please visit our legal site for more information on Unity's approach to PIPL.
On May 25, 2018, the General Data Protection Regulation (GDPR) took effect in the European Economic Area (EEA), and all versions of the Unity Ads SDK are compliant.
Unity recommends that you update to the latest version of the SDK, but it is not required for GDPR compliance. Legacy versions (below version 2.0) of the SDK now only serve contextual ads to users, strictly based on geographic location and current gameplay. No historical or personal data is used for ad targeting, including user behavior within the app and across other apps, or installs.
Versions 2.0 and higher automatically present affected users with an opportunity to opt in to targeted advertising, with no implementation needed from the publisher. On a per-app basis, the first time a Unity ad appears, the user sees a banner with the option to opt in to behaviorally targeted advertising. Thereafter, the user can click an information button to manage their privacy choices.
If a publisher or mediator manually requests a user opt-in, the Unity opt-in will not appear. Please note that users can still request opt-out or data deletion, and access their data at any time by tapping the Unity Data Privacy icon when or after an ad appears.
Use the following API to pass a consent flag to the Unity Ads SDK:
// If the user opts in to targeted advertising:
MetaData gdprMetaData = new MetaData("gdpr");
gdprMetaData.Set("consent", "true");
Advertisement.SetMetaData(gdprMetaData);
// If the user opts out of targeted advertising:
MetaData gdprMetaData = new MetaData("gdpr");
gdprMetaData.Set("consent", "false");
Advertisement.SetMetaData(gdprMetaData);
Note: You must commit the changes to the MetaData object for each value before trying to set another value. The second parameter is an object (a string in this example). Using a boolean value will result in an error.
// If the user opts in to targeted advertising:
UADSMetaData *gdprConsentMetaData = [[UADSMetaData alloc] init];
[gdprConsentMetaData set:@"gdpr.consent" value:@YES];
[gdprConsentMetaData commit];
// If the user opts out of targeted advertising:
UADSMetaData *gdprConsentMetaData = [[UADSMetaData alloc] init];
[gdprConsentMetaData set:@"gdpr.consent" value:@NO];
[gdprConsentMetaData commit];
Note: You must commit the changes to the MetaData object for each value before trying to set another value.
// If the user opts in to targeted advertising:
MetaData gdprMetaData = new MetaData(this);
gdprMetaData.set("gdpr.consent", true);
gdprMetaData.commit();
// If the user opts out of targeted advertising:
MetaData gdprMetaData = new MetaData(this);
gdprMetaData.set("gdpr.consent", false);
gdprMetaData.commit();
Note: You must commit the changes to the MetaData object for each value before trying to set another value.
If the user takes no action to agree or disagree to targeted advertising (for example, closing the prompt), Unity recommends re-prompting them at a later time.
Please visit our legal site for more information on Unity's approach to GDPR.
In January of 2019, the California Consumer Privacy Act (CCPA) takes effect in California, and all versions of the Unity Ads SDK are compliant.
Unity recommends that you update to the latest version of the SDK, but it is not required for CCPA compliance. Versions 2.0 and higher automatically present affected users with an age-gated consent flow for targeted advertising, with no implementation needed from the publisher.
If a publisher or mediator manually requests a user opt-in, they can use the following API to pass a consent flag to the Unity Ads SDK. If Unity receives this flag, its built-in opt-in will not appear.
// If the user opts in to targeted advertising:
MetaData privacyMetaData = new MetaData("privacy");
privacyMetaData.Set("consent", "true");
Advertisement.SetMetaData(privacyMetaData);
// If the user opts out of targeted advertising:
MetaData privacyMetaData = new MetaData("privacy");
privacyMetaData.Set("consent", "false");
Advertisement.SetMetaData(privacyMetaData);
Note: You must commit the changes to the MetaData object for each value before trying to set another value. The second parameter is an object (a string in this example). Using a boolean value will result in an error.
// If the user opts in to targeted advertising:
UADSMetaData *privacyConsentMetaData = [[UADSMetaData alloc] init];
[privacyConsentMetaData set:@"privacy.consent" value:@YES];
[privacyConsentMetaData commit];
// If the user opts out of targeted advertising:
UADSMetaData *privacyConsentMetaData = [[UADSMetaData alloc] init];
[privacyConsentMetaData set:@"privacy.consent" value:@NO];
[privacyConsentMetaData commit];
Note: You must commit the changes to the MetaData object for each value before trying to set another value.
// If the user opts in to targeted advertising:
MetaData privacyMetaData = new MetaData(this);
privacyMetaData.set("privacy.consent", true);
privacyMetaData.commit();
// If the user opts out of targeted advertising:
MetaData privacyMetaData = new MetaData(this);
privacyMetaData.set("privacy.consent", false);
privacyMetaData.commit();
Note: You must commit the changes to the MetaData for each value before trying to set another value. If you've already implemented the gdpr API to solicit consent, you can also use it for CCPA compliance by extending your implementation to CCPA-affected users. Similarly, the privacy API can apply to GDPR when extended to affected users.
Please visit our legal site for more information on Unity's approach to CCPA.