As the industry’s leading mobile attribution and analytics platform, AppsFlyer is committed to providing its customers full transparency and control over their users’ personal data, empowering them in their pathway to GDPR and CCPA compliance.
On May 25, 2018, The European Union began the enforcement of a new data privacy law called the General Data Protection Regulation (GDPR) replacing the previous Data Protection Directive. A primary aim of the GDPR is to provide people in the EU greater control over their personal data and data which is collected about them.
Any company that collects (or processes on behalf of the company that collects) personal data of persons in the EU falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including AppsFlyer’s customers are affected.
The California Consumer Privacy Act (CCPA) is a state law that will become operational January 1, 2020. The CCPA is intended to provide individuals (in this case California residents) with increased control over their data and privacy while imposing increased obligations on businesses.
The CCPA applies to any for-profit organization that meets certain conditions and does business in California. “Doing business in California” should be interpreted broadly to include anyone who collects or sells personal information of California residents. This regulation applies to many of AppsFlyer’s customers.
At AppsFlyer, data privacy and security are at our core. Our state-of-the-art real-time infrastructure, advanced security and data protection, independent certifications and global regulatory compliance have earned the trust of the world’s leading brands.
AppsFlyer is committed to and has invested significant and strategic resources—implementing rigorous technical measures and working with leading third party consultants—to provide diligent GDPR and CCPA compliance across our solutions and teams.
AppsFlyer’s data transfer practices are certified under the EU-U.S. Privacy Shield Framework. EU and US clients can rely on the Privacy Shield Framework to transfer data lawfully between the EU and the US and vice versa.
To help advertisers (controllers) to adhere to the GDPR and CCPA obligations towards their end-users requests, AppsFlyer has built new APIs to manage users’ (data subjects’) requests for:
AppsFlyer has implemented appropriate technical and organizational measures for ensuring that, by default, only personal data which is necessary for each specific purpose of the service are processed, strictly in accordance with our customers’ instructions and configuration.
OpenGDPR is a universal, secure, and common framework for compliance with GDPR mandated data subject rights. The OpenGDPR framework presents a public API specification along with a recommended set of best practices for implementing and maintaining a connected and compliant stack. By adopting OpenGDPR, brands can reliably address data subject requests across their partner ecosystems, in near real-time. Adhering to the GDPR and CCPA Right of Deletion, OpenGDPR helps organizations globally take another step toward compliance.
Mobile app developers and advertisers utilize unique, personal identifiers to measure and understand their performance, optimize their app’s effectiveness and marketing. To ensure that you are complying with the personal data security requirements, here is a list of 7 key recommended measures to take towards GDPR and CCPA readiness:
General Privacy Questions
A word from our lawyers: Nothing stated here is legal advice. It is provided only for your informational and convenience purposes. You should work closely with legal and other professional advisors to determine exactly how the GDPR, CCPA or any other laws may or may not apply to you.