GDPR and CCPA
Android Web - GDPR and CCPA
GDPR
In order to provide personalized recommendations for visitors in the EU, you will need to implement GDPR.
2 flows are supported:
- Using a CMP (Consent Management Platform).
- Passing consent directly.
Implement 1 of the above flows (not both).
Using a CMP (Preferred)
If your app integrates with a CMP (using the IAB Consent Framework), the SDK will collect the consent automatically. No further action is required on your part.
Taboola SDK 3.x supports both TCF v1 and TCF v2.
Guidelines
- Make sure that your CMP implements the consent framework fully. Taboola SDK will take the value 'as is'.
- Load your CMP script as early as possible (before Taboola content is fetched).
- If the above guidelines are not met, Taboola SDK may not be able to serve personalized recommendations.
TCF
- The Transparency and Consent Framework (TCF) provides publishers and advertisers with a common language to communicate user consent.
- For a detailed overview of TCF v2 consent strings, see: Transparency and Consent String Formats.
Passing consent directly
If you are unable to use a CMP, you can pass an "explicit consent" status directly.
Each time you instantiate a Page, pass the "cex"
flag, with a boolean value (as a String). Make sure to pass a new value for each SDK session.
By default, the value of the "cex"
flag is "true"
, allowing Taboola to make use of the user's data.
If GDPR applies, set the flag accordingly (otherwise, take no action):
"true"
- end-user consented."false"
- end-user declined.
Example - user has consented
Add the following line, just after initializing Taboola:
HashMap<String, String> extraProperties = new HashMap<String, String>() {{ put("cex", "true"); }};
Taboola.setGlobalExtraProperties(extraProperties);
If GDPR is not applicable, then no action is required.
The respective, direct flows for GDPR and CCPA use
"true"
/"false"
in opposite ways to one another. Make sure to set the flag correctly.
CCPA
In order to provide personalized recommendations for visitors in California, you will need to implement CCPA.
2 flows are supported:
- IAB CCPA Framework (
IABUSPrivacy_String
). - Passing consent directly.
Implement 1 of the above flows (not both).
Using the IAB CCPA Framework (Preferred)
If your app integrates with a CCPA tool, the SDK will collect the consent automatically. No further action is required on your part.
Guidelines
- Make sure that your CCPA tool implements the framework fully. Taboola SDK will take the value 'as is'.
- If the Taboola SDK does not receive a valid consent signal, it will not be able to serve personalized recommendations.
Passing consent directly
If you are unable to use a CCPA tool, you can pass a "Do Not Sell" (DNS) status directly.
Each time you build a Unit, pass the "cdns"
flag, with a String value. Make sure to pass a new value for each SDK session.
You can set the flag with the following values:
"true"
- CCPA applies - and the end-user declined ("Do not sell" is true)."false"
- CCPA applies - and the end-user consented ("Do not sell" is false)."none"
- CCPA does not apply (default).
Example - user has consented:
Add the following line, just after initializing Taboola:
HashMap<String, String> extraProperties = new HashMap<String, String>() {{ put("cdns", "false"); }};
Taboola.setGlobalExtraProperties(extraProperties);
Initialization is required once per application. It should be done as early as possible - preferably in a sub-class of
Application
.
The respective, direct flows for GDPR and CCPA use
"true"
/"false"
in opposite ways to one another. Make sure to set the flag correctly.
Need a hand?
Go ahead! Ask a question in our Support Forum.
Tip: Provide as much detail as possible, including your platform and SDK version.
Updated about 3 years ago