Question Analytics (New) - Disable Analytics for Non-GDPR\CCPA Regions

Hi David,

Thanks for the feedback.

Currently, if you are looking for player confirmation before collecting analytics, the best workflow that I can recommend is delaying the Unity Services initialization until the user opts-in, however, that does mean if you are using any other of the UGS products their initialization will also be delayed.

If you wish to allow players to opt-out of analytics, you can also use:

Events.OptOut()

This will stop the Analytics SDK from being able to send events to the analytics platform and will remove all of the events that the SDK has sent in for that player in the past. Please note, it can take up to 13 days for events to be removed from your data after using this function. As this function can only be called after Analytics has started up and sent in its initial events, it cannot be used as an opt in.

The developers have been working on a solution to allow you to disable and enable the Analytics SDK while waiting for an opt-in consent confirmation separately from the rest of the Unity Gaming Services, so a similar approach to the one you have described has been considered. I will be sure to keep you updated I receive any new information about the release of this solution.

 

Since GDPR and CCPA actually only require users to be able to opt-out and erase their data at a later point instead of explicit permission before any analytics are recorded and sent to a server,

using Events.ProvideOptInConsent("gdpr", false);

and

using Events.ProvideOptInConsent("ccpa", false);

do not actually currently opt a player out of analytics. Only the PIPL identifier will opt a player out through

Events.ProvideOptInConsent()

.

I have been speaking to the developers though and I have received some extra advice which might provide some insight on how best to implement a solution in the meantime. While events are recorded and cached on the device from the point that the Unity Services are initialized, they are not actually sent to the platform until after

Events.CheckForRequiredConsents()

has been called (unless the player is in a PIPL affected location, at which point it will continue to wait for permission).

What you can possibly do, is implement a consent flow for your players before that function is called and get a general user consent regarding the recording of analytics, then you can call the function CheckForRequiredConsents() and provide a second part to your consent flow if extra consents are required by the specific legislations. Events are not immediately sent after

CheckForRequiredConsents()

, so there is a little gap of time that you may be able to add a call to the OptOut function (if the user has denied the general consent) before any of the initial events, such as gameStarted and newPlayer, are sent to the platform. As much of the code run asynchronously, however, I cannot guarantee that this workaround would work 100% of the time. However, if any of the events do slip through a forget event will be sent to the platform and that user data would be fully erased within 2 weeks.

It is also possible to use

Events.ProvideOptInConsent("pipl", false);

outside of PIPL affected areas and it will still result in refusing to opt-in to analytics, however as the user is not in a PIPL affected area, it will have the same affect as using OptOut() right after checking for consents in this case.

I hope this helps while you wait for the solution to be released.

 

Hi David,

Sorry for the late reply on my side. I'm glad the initial workaround I proposed performed as expected. The results of your experiment are interesting too.

I actually have an update on the status of all this. A new version of the Analytics SDK was released today (version 4.0.0-pre2), this version has a new function

AnalyticsService.Instance.SetAnalyticsEnabled();

which takes a boolean value. This function will stop and start the analytics SDK as required. You can call this function before the Unity Services are started so that no events are recorded until the consents you wish to receive are given.

Note, as the SDK is disabled while the flag set by this function is set to true, you cannot call

 CheckForRequiredConsents()

and

OptOut()

until you re-enable the SDK. Of course, if you wish to use this flag between sessions when a player has not provided consent from the very beginning, I would recommend you record their consent results in the Player Preferences. The developers are looking into making it possible to use

OptOut()

while the SDK is disabled so that you can unify all of the consent results without having to record it yourself.

 

Hi David,

Just to add, one of the developers has proposed this flow for checking consents:

1. Disable the SDK on application start up
2. Check for a user’s consent
3. If consent is provided, enable the SDK and call "CheckForRequiredConsents"
4. If CheckForRequiredConsents returns PIPL, you can add an extra consent check to see if players are willing for their data to leave China and be stored in our Data Stores in Europe
5. If consent is not provided, enable the SDK and call "CheckForRequiredConsents", then immediately call OptOut to permanently disable the SDK in Player Prefs

As the SDK is disabled on start up, there will be no events recorded at the beginning at all, which means that if the player does not consent only a forget me event will be sent and it is quite certain that no other events will pass through to the Analytics platform. Naturally, the forgetMe event is still necessary as a protective measure just in case some events do somehow slip through.

 

Yup, that all makes sense and sounds like a good implementation!