My team & I have been banging our heads against the wall lately. We’re working on an app and are utilising Firebase Analytics and AdMob.
We’re trying to ensure/confirm that our user consent flow when opening the app the first time complies with GDPR and iOS's App Tracking Transparency requirements. We designed a flowchart (see image attached), based on our research.
Breakdown of the flowchart:
- App Launch
- Firebase analytics consent form:
  - A consent form is displayed asking if the user agrees to data collection for analytics purposes.
  - Also privacy policy and terms of service would be linked
  - Options:
    - Accept -> enables data collection
    - Decline -> disables data collection
- AdMob personalised ads consent form:
  - Another consent form for personalised advertisements.
  - Options:
    - Accept -> allows personalised ads on Android, green light for the next step (4) on iOS
    - Decline -> disallows personalised ads
- ATT Prompt (for iOS users, if personalised ads are accepted):
  - Shows the iOS ATT prompt to request permission to track the user across apps and websites owned by other companies.
  - Options:
    - Allow -> allows personalised ads on iOS
    - Don't Allow -> disallows personalised ads
- Redirect to home screen 🎉
We would appreciate feedback on the following questions:
Would this flow meet GDPR & ATT requirements?
Is the ATT prompt correctly placed? Only after obtaining consent for personalised ads?
Any improvements/suggestions to better align with privacy regulations?