Overview
The DARO SDK provides APIs to forward the privacy consent state your app collects to each ad demand. You are responsible for collecting consent and building its UI; the DARO SDK only forwards the resulting values to ad demands.Apply privacy settings before loading ads so they are reflected in ad requests. The
set* methods can be called at any time, before or after SDK initialization; when called after initialization, the updated values are re-propagated to each ad demand.If you set no value, the DARO SDK forwards no signal to ad demands for that regulation. See the Default behavior section of each regulation below for how that case is handled.
GDPR
GDPR (General Data Protection Regulation) is a consent-based privacy regulation that applies to users in the European Economic Area (EEA) and the UK. Personal data may be processed only after the user has explicitly given consent.How the DARO SDK handles it
After you determine the user’s consent with a Consent Management Platform (CMP) such as UMP, forward the result to the DARO SDK with the API below. The DARO SDK propagates the received state to each ad demand.Values
Default behavior
IfsetGdpr is never called, the state stays .unknown and no GDPR signal is forwarded to ad demands. If your app has users subject to GDPR, be sure to set it explicitly.
Notes
Use.unknown only as a temporary state. Keeping .unknown without showing the consent prompt to users subject to GDPR may constitute a regulatory violation. Update to .optIn or .optOut as soon as consent is determined.
consentString
An optional argument (default""). If you use a CMP such as UMP, pass the GDPR consent string it generates. If you do not use one, leaving it empty ("") is fine. Passing an empty string keeps the previously stored value rather than clearing it (clearing is not supported). This is a separate value from the CCPA consentString.
Examples
CCPA
CCPA (California Consumer Privacy Act) and other US state privacy laws grant users the right to opt out of the sale of their personal information. It is allowed by default unless the user explicitly opts out.How the DARO SDK handles it
After you determine whether the user has opted out, forward the result to the DARO SDK with the API below. The DARO SDK propagates the received state to each ad demand.Values
Default behavior
IfsetCcpa is not called, the DARO SDK forwards no CCPA signal, and ad demands treat the user the same as .optIn: sale/sharing of personal information and personalized ads are allowed. If your app has users subject to CCPA, be sure to set it explicitly.
consentString
An optional argument (default""). If you use UMP, pass the US Privacy String it produces. If you do not use UMP, leaving it empty ("") is fine. Passing an empty string keeps the previously stored value rather than clearing it (clearing is not supported). This is a separate value from the GDPR consentString.
Notes
CCPA’s.optIn / .optOut differ in meaning from GDPR. Under CCPA, .optIn means “the user did not opt out,” and .optOut means “the user opted out of the sale of personal information.” CCPA is opt-out based, so there is no value equivalent to .unknown. If the user has not yet responded, treat them as .optIn.
Examples
COPPA
COPPA (Children’s Online Privacy Protection Act) is a US regulation that protects children under 13. Unlike GDPR and CCPA, it is not a user consent flow but the publisher’s declaration of whether the app is directed at children.How the DARO SDK handles it
After you determine whether your app is directed at children, forward it to the DARO SDK with the API below. The DARO SDK propagates the received declaration to each ad demand.Values
Default behavior
IfsetCoppa is not called, the child-directed status is not forwarded to ad demands. If your app is directed at children, be sure to set it explicitly.
Notes
COPPA declares whether the app as a whole is directed at children. Per-user settings are not supported. Even if only some users are children, make the determination on an app-wide basis.Examples
Migrating from the previous API
The previous property-based consent settings (hasUserConsent / gdprConsentString / doNotSell / ccpaString / isTaggedForChildDirectedTreatment) are deprecated. Use the set* method API going forward. The existing properties still work for now — they are internally redirected to the set* calls below — but may be removed in a future release.
If
isTaggedForChildDirectedTreatment was never set (nil), it is treated the same as .notChild.
