AndroidiOSPluginsAnnouncementsSupport Forum
SDK DocumentationRecipesAnnouncementsSupport Forum
AndroidiOSPluginsAnnouncementsSupport Forum
SDK Documentation

GDPR & US State Privacy Laws

Android Classic - GDPR & US State Privacy Laws

Suggest Edits

Overview

Taboola is committed to complying with data-protection laws and best practices, including:

  • GDPR
  • US State Privacy Laws

In order to serve personalized recommendations in the EU and US, you need to implement the relevant flows, as described on this page.

🚧

Important

If you skip this setup, Taboola may not be able to serve personalized recommendations.

📘

Frameworks

Taboola supports the following frameworks:

GDPR

In order to provide personalized recommendations for visitors in the EU, you will need to implement GDPR.

2 flows are supported:

  1. Using a CMP (Consent Management Platform).
  2. Passing consent directly.

📘

Implement 1 of the above flows (not both).

Option I: Use a CMP (Preferred)

If your app integrates with a CMP (using the IAB Consent Framework), the SDK will collect the consent automatically. No further action is required on your part.

🚧

Guidelines

  1. Make sure that your CMP implements the consent framework fully. The SDK will take the value 'as is'.
  2. Load your CMP script as early as possible (before Taboola content is fetched).
  3. If the above guidelines are not met, Taboola SDK may not be able to serve personalized recommendations.

Option II: Pass consent directly

If you are unable to use a CMP, you can pass an "explicit consent" status directly.

Each time you instantiate a Page, pass the "cex" flag, with a boolean value (as a String). Make sure to pass a new value for each SDK session.

By default, the value of the "cex" flag is "true", allowing Taboola to make use of the user's data.

If GDPR applies, set the flag accordingly (otherwise, take no action):

  • "true" - end-user consented.
  • "false" - end-user declined.

Example - user has consented

Add the following line, just after initializing Taboola:

HashMap<String, String> extraProperties = new HashMap<String, String>() {{ put("cex", "true"); }};
Taboola.setGlobalExtraProperties(extraProperties);

val extraProperties = hashMapOf("cex" to "true")
Taboola.setGlobalExtraProperties(extraProperties)

📘

If GDPR is not applicable, then no action is required.

🚧

The respective, direct flows for GDPR and US State Privacy Laws use "true"/"false" in opposite ways to one another. Make sure to set the flag correctly.

US State Privacy Laws

In order to provide personalized recommendations for visitors in jurisdictions with applicable US State Privacy Laws, you will need to implement compliance measures.

2 flows are supported:

  1. CMP-based consent collection (Preferred).
  2. Passing consent directly.

📘

Implement 1 of the above flows (not both).

Option I: Use a CMP (Preferred)

If your app integrates with a privacy compliance CMP, the SDK will collect the consent automatically. 2 frameworks are supported:

  • GPP (IABGPP_HDR_GppString) - Modern unified framework (recommended for new implementations)
  • IAB US Privacy (IABUSPrivacy_String) - Legacy CCPA framework (existing implementations)

👍

Best practice

GPP is the modern IAB standard that unifies privacy compliance across jurisdictions. Choose GPP for new implementations or IAB US Privacy to maintain existing setups.

🚧

  1. Make sure that your privacy compliance tool implements the chosen framework fully. Taboola SDK will take the value 'as is'.
  2. If the Taboola SDK does not receive a valid consent signal, it will not be able to serve personalized recommendations.

Option II: Pass consent directly

If you are unable to use a privacy compliance CMP, you can pass a "Do Not Sell" (DNS) status directly.

Each time you build a Unit, pass the "cdns" flag, with a String value. Make sure to pass a new value for each SDK session.

You can set the flag with the following values:

  • "true" - US State Privacy Laws apply - and the end-user declined ("Do not sell" is true).
  • "false" - US State Privacy Laws apply - and the end-user consented ("Do not sell" is false).
  • "none" - US State Privacy Laws do not apply (default).

Example - user has consented:

Add the following line, just after initializing Taboola:

HashMap<String, String> extraProperties = new HashMap<String, String>() {{ put("cdns", "false"); }};
Taboola.setGlobalExtraProperties(extraProperties);

val extraProperties = hashMapOf("cdns" to "false")
Taboola.setGlobalExtraProperties(extraProperties)

🚧

The respective, direct flows for GDPR and US State Privacy Laws use "true"/"false" in opposite ways to one another. Make sure to set the flag correctly.

💁🏻

Need a hand?

Go ahead! Ask a question in our Support Forum.

Tip: Provide as much detail as possible, including your platform and SDK version.

Updated 18 days ago