Cuebiq has embraced privacy as a core value from the very start. As we continue to evolve our approach to privacy with each new regulatory advance, such as with GDPR and CaCPA, it’s important to ground ourselves in several central principles to guide our efforts. Cuebiq’s privacy program revolves around 4 key principles: Consent, Transparency, Control, and Accountability.
Let’s focus on two of these today: Consent and Transparency – which often go hand-in-hand to legitimize the other.
Consent is the most privacy compliant method to gain a legal basis for the collection and processing of a user’s data but it must be specific, informed, freely given, and unambiguous to qualify.
To address these concerns, Apple now offers App Publishers the ability to alter the default precise location language to add more detail. This is a great opportunity to include third parties that App Publisher may be working with but there are other options as well. A more natural consent flow for bundled consent (meaning third party and first party data collection is tied to the same consent) is to offer greater transparency as to the scope and purpose of data collection, which includes third party partners, prior to then asking for precise location consent.
How does this look? Upon opening an app the user is told in a modal dialogue what information is about to be collected and for what purposes if they select the “Allow” option when the precise location consent appears. Once the user selects “Proceed” the next modal dialogue shown is the default one from the OS. Now when the user selects “Allow” they have the full context of what this permission entails.
Another approach would be to unbundle the consents and simply provide an independent consent dialogue for the collection and use of precise location data by a 3rd party partner. Cuebiq supports both options natively in our latest SDK and further supports all 26 official languages in the EEA (European Economic Area). It’s important that App Publishers consult with their legal teams on their options as EU regulators have strong opinions as to the legitimacy of bundled consent approaches.
While the consent flow addresses many questions about how “specific” a consent is, any consent would not be deemed valid if it is not also “informed”. This is where the “say what you do; do what you say” principle of transparency comes into play.
I’ll be back to discuss these principles more and the others, Control and Accountability, in future blogs.
It’s important to stress that we’re all in this together. The entire app ecosystem, 1st parties and 3rd parties alike, are under constant and growing pressure to focus on privacy matters. We invite our partners to join Cuebiq in our principled approach to privacy fundamentals so we can collectively rise above the chatter and be easily identified as those that embrace privacy best practices.