Supporting the Google EU consent policy

At a glance: AppsFlyer is helping marketers comply with the Digital Markets Act (DMA) and improve the value of their ads in Google. Find answers to frequently asked questions about compliance with the DMA and optimizing ad value.

Overview

Google is updating its EU user consent policy in preparation for the Digital Markets Act (DMA) enforcement. As a Google App Attribution Partner, AppsFlyer is adapting to the policy changes while empowering advertisers to get the most out of their ads in Google. The updated policy is in effect as of March 6, 2024.

Relevant integrations and continued use of Google features

Which integrations are involved?

The following integrations are relevant to Google's new EU consent policy:

  • Google Ads (googleadwords_int)
  • GMP DV360 (dv360_int)

If end users of your apps from these integrations are based in the European Economic Area (EEA), make sure to take the necessary actions to comply with the requirements of Google's new EU consent policy.

 Note

The [Legacy] Google Marketing Platform DV360/CM integration (doubleclick_int) will be deprecated and not supported under Google's new EU consent policy. If you're using this integration, we recommend transitioning to the new DV360 integration (dv360_int).

What should be done to continue using Google's features

Marketers need to obtain consent from end users in the EEA for the use of personal data to keep using Google Ads and GMP DV360 features related to measurement, ad personalization, and remarketing.

Updating the AppsFlyer SDK

Steps needed for implementing consent data via the AppsFlyer SDK

The AppsFlyer SDK (v6.13.1+) can send the necessary consent data with each event to meet Google's requirements.

  • Upgrade your SDK to the latest version (v6.13.1+), Applicable to Android or iOS apps.
  • Once the SDK is upgraded, see here implementation instructions for supporting the DMA.

Sending consent data

How to send consent data to AppsFlyer

Marketers have two options to send the required consent data to AppsFlyer:

  • Directly via the SDK or an S2S API: Marketers can send the consent data directly to AppsFlyer using the SDK. Applicable to Android or iOS apps.
  • Via TCF Strings: Marketers who currently use or plan to use a Consent Management Platform (CMP) can send the data fields through standard IAB TCF strings (TCF V2.2). Make sure to include the Google vendor ID (755) in the list of consented vendors. 

AppsFlyer then enables customers to transmit the consent signals to Google. However, it is important to note that AppsFlyer does not collect, alter, or control end-user consent. Marketers working with Google are responsible for collecting the necessary consent fields.

See this video on how to send consent data to AppsFlyer.

Consent values AppsFlyer sends to Google

End-user consent values are sent to Google for the relevant AppsFlyer integrations (googleadwords_intand dv360_int) using the following fields:

AppsFlyer field Google field (1) Values Field explained
gdpr_applies eea true/false (2) Does DMA apply to this user?
ad_personalization_enabled ad_personalization true/false Did the user give Google consent to use their data for personalized advertising?
ad_user_data_enabled ad_user_data true/false Did the user give consent to send their user data to Google? 
  1. See Google’s definition for each field.
  2. When DMA doesn't apply to the user, AppsFlyer suggests refraining from sending consent fields other than gdpr_applies=false

Sending consent data—FAQ

Is there an option not to send consent data to Google?

AppsFlyer enables advertisers, where they believe the DMA requirements don’t apply to their end-users (for example when they are non-EU), to prevent sending consent data to Google. This is done by activating a toggle in the relevant integration pages.

 Important!

Before using this option, it's recommended to get approval from their legal and privacy teams to make sure it aligns with their policies. See Google’s consent mode article for reference definitions.

To refrain from sharing consent data with Google:

  1. In AppsFlyer, from the side menu, select Collaboration > Active Integrations.
  2. Search for the partner and click Manage integration.
  3. From the integration setup tab, turn on Non EU users

non eu usrs.png

Is consent needed for mobile web events?

At this stage, only mobile app events are shared with Google so there's no need to share with AppsFlyer consent for web events. If users progress from the web to your app, their consent will be collected within the app at a later stage regardless.

To which countries does the Google DMA consent apply?

According to the European Commission, the Digital Markets Act (DMA) applies to users within the EU and EEA (European Economic Area), impacting these countries. Based on this information, note that the DMA doesn't extend to the UK and Switzerland.

What's the recommended way to ask for user consent in a compliant way?

AppsFlyer recommends consulting with your legal team to secure consent in a DMA-compliant manner. While Google provides general instructions, it doesn't offer specific language for prompts. 

How is AppsFlyer translating TCF strings to Google DMA consent flags?

After AppsFlyer receives the TCF strings from your CMP (either through the AppsFlyer SDK or S2S), they are processed and translated on AppsFlyer servers. The following translation is mapped and sent to Google, as recommended by Google:

AppsFlyer collected strings Google consent flags Description
gdpr_applies=1/0

eea=1/0

Identifies whether DMA is applicable or not for the respective user

ad_user_data ad_user_data=1 

When consent is given to Google for purpose 1 and consent/legitimate interest is given to Google for purpose 7

ad_user_data ad_user_data=0 When consent isn't given to Google for purpose 1 and/or consent/legitimate interest isn't given to Google for purpose 7
ad_personalization ad_personalization=1 ad_personalization=0 When consent is given to Google for purposes 3 and 4 When consent isn't given to Google for purposes 3 and 4

Do I need to update both the AppsFlyer and Firebase SDKs to send consent data?

Yes. Google requires consent data to be included in each event sent from AppsFlyer, as Google doesn't merge user consent data from Firebase with data sent from AppsFlyer. Therefore, consent data must be sent to AppsFlyer, which forwards it to Google. Similarly, sharing consent data with AppsFlyer alone is insufficient for Firebase SDK requirements. This means you must send the data to both AppsFlyer and Firebase.

Preparing for the upcoming changes

Take the following preparatory steps 

Address user consent in the European Economic Area (EEA)

Collaborate with your company’s legal counsel. They can provide insights into the implications of European user consent policies on the data you're sharing with partners like Google. If relevant, implement privacy prompts such as "Privacy Settings" or "Privacy Choices" to gather marketing and advertising-related user consent signals from your app users.

Verify CMP Compliance and TCF 2.2 Support

Ensure that your Consent Management Platform (CMP) supports TCF 2.2, which is the most updated Transparency and Consent Framework TCF) version. Your TCF should also be well-informed about the new Google EU consent requirements and can advise you on how to support it via TCF.

Implement the newest SDK/Server-to-Server (S2S) APIs

Consider the following options for sending the new consent fields, either using the SDK or S2S API calls:

  • Using the SDK:
    • Implement the latest version of the AppsFlyer SDK (v6.13.1+) for iOS and Android apps
    • Choose how to send the consent data
  • Using S2S API calls:
    • Before sending in-app events to AppsFlyer, update your API calls to include the consent_data object for each event. See how to do this

Transition from the Legacy GMP Integration (DoubleClick)

If you're still using the legacy AppsFlyer GMP integration (doubleclick_int), plan to complete the transition to the newer version (dv360_int) within Q1, 2024. The Legacy integration is not EU consent compatible, and will be deprecated soon. See more details here.

Impact on advertising activity—FAQ

How will the upcoming change impact my campaign attribution?

EU users who decline to their data being used by Google for advertising purposes (ad_user_data=0), won't be claimed for attribution by Google Ads and DV360. This means AppsFlyer won't be able to attribute them.

How will the upcoming change affect Audiences?

The change may affect the number of EEA users appearing in your audiences and being exposed to remarketing campaigns on Google. EEA-based users will be required to consent before having their information shared with Google. Those who don’t consent will be excluded from audiences on Google’s side, and won’t be exposed to your campaigns. This raises the question of how to get consent from your users and what the ramifications may be for your business and advertising efforts. Learn more about changes to Audiences.

Further information and contact details

In case you have further questions or any uncertainties, you can reach out to the following:

  • For Google’s requirements or how these updates may impact your Google data, please review Google’s help articles or reach out directly to your Google representative.
  • For questions regarding AppsFlyer’s support of EU end user consent fields, reach out to your AppsFlyer CSM or write to hello@appsflyer.com.
  • See Google’s consent mode article for reference definitions.