GDPR and CCPA region identification

The GDPR and CCPA data privacy laws affect citizens of the EU and residents of California. I live in Washington state and when I install and run popular games from big game companies, they don't prompt me for consent to opt-in to sharing my data. My assumption is that these companies are able to detect the region that a user has installed the app from and so they only prompt for consent when a user resides in the EU or CA.

At the moment, I don't have a good way to detect this and Unity doesn't provide this information. Device language isn't an accurate measure of citizenship and wouldn't help at all with US state residency.

I'm looking for advise on how to detect these users. Is it practical for Indie developers to do this? Are there SDKs or services that do this? What are you using for your games?

Our current plan, in lieu of region detection, is to prompt for consent for all installs. I would love to hear from Unity about this: if there are plans to make this easier in the future.

Thanks for the advise!

 

Thanks for the reply. I don't think that's legally possible for GDPR in the case where you want to collect game analytics. In this case I believe you'd need to set "Analytics.initializeOnStartup = false" and then prompt for consent. My understanding ("I'm not a lawyer" disclaimer) is that GDPR is opt-in, whereas CCPA is opt-out. Even with CCPA, the "Do Not Sell" button needs to be really obvious, not buried in a secondary-screen.

I was previously putting the Data Privacy button within our Options UI, but we're also using an Ad Mediator now so we need to prompt for consent because it isn't necessarily UnityAds being shown the first time.

 

An engineering contact of mine suggested services like maxmind geoip. I don't know how "indie-friendly" their plans are in terms of pricing, but my biggest legal concern would be that the state-level detection by IP is only 80% accurate. This could work for GDPR, however, since country accuracy is 99.8%.

 

Hey did you find any good way for an indie studio to detect if user needs to be asked about his CCPA consent?
Great game btw! Keep up the great work!

 

Not at the state level, since the accuracy is only 80% (at least for maxmind geoip). Right now our game asks for consent in all countries, just to be kind and fair to all users. However, if you only want to prompt for players that fall under these laws and you want to ensure compliance with the laws, you'll probably want to ask for consent for all players in the USA and EU. Country accuracy is high (99.8%) and the prices for country lookup are far cheaper. I am not an authority on this, so this is just what I learned so far with my limited research and legal knowledge on the subject.

Thanks, I'm glad you like Tiny Bubbles!

 

Thank you for the tips! Ridiculous how the entire world of developers big and small should suffer now because Californians decided to be so special

 

Hi, I am also using an Ad Mediator, i.e. Admob for mediation with Unity Ads. Can you guide me how to forward CCPA consent from admob to UnityAds?
As the case with GDPR consent forwarding, admob states at https://developers.google.com/admob/unity/mediation/unity#eu_consent_and_gdpr

The Unity C# code linked on the Unity Ads GDPR Compliance guide is not compatible with the mediation plugin for Unity Ads. To manually pass consent to Unity Ads in the context of mediation, use the UnityAds.SetGDPRConsentMetaData() method as shown above.

Here admob guides that how to forward consent of GDPR to UnityAds in alternate way but does not guide about CCPA consent forwarding?
Thanks.

 

Reviving this old thread since I haven't found anything else about it. I'm using MAX to monetize, but they are deprecating the geo locator that was included until now. So I have to find my own (or write my own). Has anyone a solution for this? Both GDPR and CCPA?