
ConsentMonitor.com - GDPR consent SDK for iOS and Android


#1

Hi all.

Just wanted to do a quick post to introduce my latest project. Consent Monitor is a GDPR-compliance SDK for iOS and Android developers.

If you’re in the mobile space (or even if not), I’d certainly appreciate any feedback. Or, if you have any questions and need to reach out to me in private, you can always DM me through this forum or at @andrey_butov.

Thanks in advance!


#2

Interesting, but even your home page is not GDPR compliant.

  • email collection without unset tick box to receive emails
  • loading of Google fonts (may be a problem because Google states they act as a Data Controller, not a Data Processor on your site)

Offering “GDPR compliance for your mobile apps” is probably inviting legal trouble, as you don’t offer compliance, but just a tool to help with this.


#3

Great feedback. Thanks! I will address these.


#4

Hmm. So now it is problematic to load anything from any CDN unless you are 100% sure that CDN doesn’t collect any data? (which it does - logs and whatnot)


#5

Not necessarily. GDPR is formulated in such general terms that many experts disagree on specifics. I mentioned Google fonts for two reasons:

  • @andrey wants to offer a compliance service. Better be careful then.
  • Google has specifically stated for Google fonts that they act as a Data Controller (as opposed to e.g. Google Analytics, where you can have a contract with Google where they act as a Data Processor). This is somewhat problematic, because you send your website visitors automatically to Google fonts, and Google then has Data Controller authority.

How this all pans out is not yet known (probably the courts will decide).


#6

I agree with this 100%. From all my research, everyone who is addressing GDPR right now is basically making a best attempt at what they think is the right thing to do. These kinds of things really only get settled through litigation.


#7

@Andrey - surprised you want to do something with GDPR. It’s a damn migraine-inducing mess and you’re grumpy enough as it is! :wink:


#8

As I understand it, a checkbox is not required, as pressing the submit button is an active action.

However, it should be made clear that by submitting the form you are accepting that the provided information is processed in accordance with the privacy policy and what the information is specifically used for.

So, in this case, it can be solved with a few tweaks:

  • Put the information text above/before the submit button.
  • In the information text, include a sentence like “By submitting this form you are accepting that the provided information may be used, stored and processed in accordance with our privacy policy.”, where the text “privacy policy” should be a link.
  • The text should be made more readable (it’s currently somewhat obscured by the background image).

You can use a CDN, but you must inform users about what data is collected by the CDN, why they are collecting it and what it’s used for. You must also ensure that the CDN only collects, stores and processes that data in accordance with your privacy policy and the GDPR requirements.

To be fully compliant, I would suspect you must also have a method of removing or anonymizing said data from the CDN provider’s logs/databases if a user requests to be “forgotten”. It’s currently unclear (at least to me) whether a user’s rights to access (and remove/anonymize) their own data also apply to low-level technical logs such as server logs, database logs, etc. This is made a lot more complicated by the fact that IP addresses are defined by the EEA as personal information and that most web servers log IP addresses by default.

The simpler solution would just be to host the Google fonts (and any other HTTP resources) on your “own” servers.

I also agree that one should not market a product as GDPR compliant, as GDPR compliance applies to organizations as a whole and not (only) products. Even if an organization uses only “compliant” software, that does not automatically make the organization compliant.


#9

Thanks for your feedback, guys. I’ve addressed all the issues that you raised here. Cheers!


#10

Aren’t you like a little (way, way) late to the game? It seems like this should have been launched 6-12 months ago? I guess launching this after GDPR takes effect just seems questionable to me.

GDPR takes effect in 3 days on Friday. That wouldn’t even be enough time to get an iOS update approved.

I’m pretty sure most ad networks already back GDPR compliance within their own SDKs and I think some networks like I think I saw that IAB may have created a universal solution for other ad networks and developers to use.

I know we’ve been hard at work getting ready for GDPR for almost a year and have everything baked into our SDK.


#11

Well… If I’m a representative sample, most people are just starting to think how to deal with GDPR.


#12

That’s a really good idea. It would be great if there was the same thing for Web / SaaS apps. GDPR compliance is a pain and needlessly stressful. :slight_smile:


#13

Maybe eventually, down the road. Right now, we’re just scrambling to put together something solid for the one tech stack I’m most comfortable with. :slight_smile:


#14

Nice clean and clear site - looks like WordPress, can I ask what theme did you use?


#15

I bought a license to this WordPress theme called LandKit a while back. I ripped out the WordPress stuff from it and used it as a regular HTML site. There isn’t much left from the original template, to be honest, aside from some base CSS.


#16

I feel a testimonial “It looks like a very interesting solution” has a negative effect, as it is clear the guy did not actually use the solution, so why the heck is he testifying?


#17

Hmmm. Maybe. Though both testimonials at this point are pre-release testimonials. Since the product hasn’t been released to the public yet, only a few people have tried it. Charles is on the very short list of people to be requested to try it out before it hits release. Very grateful to @DazeEnd for the testimonial. :slight_smile:


#18

Here’s the open source free SDK IAB put out for developers to add in I mentioned for collecting GDPR consent - https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework