GDPR Compliance

July 10 20:06 2019 Print This Article

The General Data Protection Regulation (GDPR) is a regulation in EU law regarding data protection and privacy for European Union citizens. It states that brands in control of personal data, must be able to honor, within one month, requests for access, portability, rectification and erasure.

With regard to mobile attribution, since it is impossible to know in advance which users are European citizens, GDPR applies to all mobile users, European or not.

The GDPR Initiative

To address and manage requests from data subjects, as required for GDPR compliancy, AppsFlyer, along with mParticle, Amplitude and Braze, have initiated the OpenGDPRprotocol.

OpenGDPR is a unified, open-source framework, facilitating cooperation between technology companies for the fair and transparent use of consumer data. It enables vendors to easily take data privacy actions across multiple systems to process and store customer data.

You can read more about the initiative here.

GDPR Entities

GDPR Requirements

GDPR details the mandatory rights of the data subject, with which the advertiser must comply.

RightsGDPR DefinitionHow AppsFlyer helps the Controller
Right of AccessIf requested, data subjects have the right to know if, why, and for how long the data controller will be processing their data.If data is shared with third parties (like AppsFlyer), data subjects have the right to know who those third parties are.The right to know what categories of data are being processed.If there is automated processing, that has a significant effect on them.When sending an ‘access’ request, Data controllers receive a copy of the Data Subjects’ processed personal data.
Right to Data PortabilityThe Data Subject needs to receive all of their personal data in a structured, commonly used and machine-readable format – such as a CSV file.When sending a ‘’portability’ request, Data controller receives a copy of the Data Subjects’ processed personal data.
Right to RectificationAllows Data Subjects to correct their data if they see it is inaccurate or untruthful. Data controllers then have to erase or fix inaccurate or incomplete data.When the data controller submits a ‘rectification’ request, AppsFlyer deletes the data subject’s past data up to that moment, but data received afterwards is updated by AppsFlyer.
Right of ErasureThe right of erasure forces data controllers to remove the personal data within one month.Advertisers can delete the collected data of data subjects with an ‘erasure’ request.

AppsFlyer’s GDPR Requests API

AppsFlyersupports the above requirements via its GDPR Requests API (starting May 25th 2018 – requests received prior to this date are not handled):

  1. GDPR Request – Perform one of the above request types: ‘access’, ‘portability’, ‘erasure’ or ‘rectification’.
  2. Status Request – Query the current status of a GDPR request
  3. Discovery Request – Inquire as to the supported API version and Data Format
  4. Cancellation – Cancel a GDPR request during its pending phase

It is up to the data controller to implement GUI changes, so that its end users can submit these requests. Note that GDPR requests are per one user at a time.

1. GDPR Request




2. Status Request

3. Report Request

4. Discovery Request

5. Cancellation Request

6. GDPR Requests Test API

Request Logs

All GDPR requests submitted are available to be viewed in the Logs Dashboard by account owners only.

For completed access and portability requests, it is also possible to download the report from within this dashboard.

To access the Logs Dashboard:

1. Go to the main dashboard and click your user name.

2. Click Logs and the following window opens:

This article was originally posted here: https://support.appsflyer.com/hc/en-us/articles/360000811585-GDPR#GDPR-Requests-API

  Article "tagged" as:
  Categories:
view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment