As stipulated in the GDPR regulation application in Europe, each website as well as mobile applications must manage its users consent relatively to data collection and expose clearly why their data is collected.

Why your current logic needs to be adapted

On a website this consent management is often handled by a cookie manager.

It is important the mobile app also applies to these rules as additional third parties may be included to track your customers data in addition to your current website technical stack:

  • FollowAnalytics for analytics and engagement purposes

  • Any other SDK your required to add (Attribution SDK, analytics SDK...)

Example:

Attribution SDKs (Branch, Appsflyer...) are collecting an IDFA which is considered as a personal data by the GDPR.

FollowAnalytics SDK is by default GDPR compliant since the collected data is anonymised, though as soon as the user logs in, an ID is collected and the data is not anonymised anymore !

Do not forget to include your Legal in these discussions as your legal terms & conditions may need to be updated following the development of your mobile application. It is very important for the sake of your GDPR compliance.

Define your desired logic

Applicable for the FollowAnalytics data collection only

The FollowAnalytics SDK allows two different modes: opt-in analytics and opt-out analytics (*).

(*) Opt-out analytics allows to limit data collection to non personal data.

Do not hesitate to ask your CSM for more detailed documentation.

It is the customer's responsibility to define the desired implementation of the opt-in / opt-out analytics depending on their Legal requirements. Though you may find in the next section a couple of recommendations


Advantage

The logic below allows full autonomy on the app's FollowAnalytics data collection directly from the website (no dependency on the app development). The business logic (optin / optout analytics) is completely handled by the cookie manager.

Behavior

Device set to opt-out analytics at first launch.

If the user accepts the cookie related to FollowAnalytics, the website triggers a script (*) to make the device switch to Opt-in analytics.

If the user does not accept the FollowAnalytics cookie, the website triggers a script (*) to make the device switch to Opt-out analytics.

(*) The script need to be implemented from the website cookie tag manager.

Technical implementation

The script to implement in the cookie tag manager could be the following if the user does not accept to be tracked by FollowAnalytics :

FollowAnalytics.setOptInAnalytics(false);

If the user accepts to be tracked the script could be :

FollowAnalytics.setOptInAnalytics(true);

Example - collect data only for logged in users

Advantage

No website requirement apart from being able to easily identify the logged in state of the user (a div, a cookie...)

Behavior

Device set to opt-out analytics at first launch.

If the user logs in, the mobile app makes the device switch to Opt-in analytics.

If the user logs out, the mobile app makes the device switch to Opt-out analytics.

Please note that this type of implementation

  • offers little flexibility if any change should occur, a new release of the mobile app will be necessary.

  • may need your legal terms to be adapted as it suggests that as soon as the user logs in / creates an account, it means he is forced to have its data tracked by FollowAnalytics.

Technical implementation

Completely handled by FollowAnalytics.


If you have any questions related to this article please do not hesitate to get in touch with your CSM.




Did this answer your question?