GDPR Compliance

Learn how to comply with EU privacy laws (GDPR) when showing ads to European users with the BZZE Ads SDK.

⚠️ Legal Requirement: GDPR compliance is required by law if you have users in the European Union. Failure to comply can result in fines up to €20 million or 4% of annual revenue.

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU law that protects user privacy. Key requirements for ad platforms:

  • Consent: Users must explicitly agree to personalized ads
  • Transparency: Users must know what data is collected
  • Control: Users can withdraw consent anytime
  • Data minimization: Only collect necessary data

How BZZE Ads Handles GDPR

The SDK provides built-in GDPR support. Here's how it works:

  1. You show a consent popup to EU users
  2. User chooses to accept or decline personalized ads
  3. You pass consent to the SDK via the gdprConsent flag
  4. The SDK enforces the choice: personalized ads are shown only if the user consented

Quick Implementation

Step 1: Detect EU Users

First, determine if the user is in the EU. You can use geolocation APIs or services like Cloudflare:

JavaScript
// Option 1: Use a geolocation API
async function isEUUser() {
    try {
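        const res = await fetch('https://ipapi.co/json/');
        if (!res.ok) return true; // Lookup rejected or failed: fail closed
        const data = await res.json();
        // EU member states plus GB, NO, IS and LI (non-EU countries this page also treats as in scope)
        const euCountries = ['AT','BE','BG','HR','CY','CZ','DK','EE','FI','FR','DE','GR','HU','IE','IT','LV','LT','LU','MT','NL','PL','PT','RO','SK','SI','ES','SE','GB','NO','IS','LI'];
        if (typeof data.country_code !== 'string') return true; // No usable answer: fail closed
        return euCountries.includes(data.country_code);
    } catch {
        return true; // Fail closed: treat the user as EU so the consent prompt is still shown
    }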
}

Step 2: Show Consent Popup

If the user is in the EU, show a consent dialog:

HTML + JavaScript
<!-- Consent Modal: hidden by default; the script below switches display to flex when consent is needed -->
<div id="gdprModal" style="display: none; position: fixed; top: 0; left: 0; right: 0; bottom: 0; background: rgba(0,0,0,0.8); z-index: 9999; align-items: center; justify-content: center;">
    <div style="background: white; padding: 2rem; border-radius: 12px; max-width: 500px;">
        <h2>Privacy &amp; Cookies</h2>
        <p>We and our partners use cookies and similar technologies to show you personalized ads. Do you consent to this?</p>
        <button onclick="handleGDPRConsent(true)">Accept</button>
        <button onclick="handleGDPRConsent(false)">Decline</button>
    </div>
</div>

<script>
async function showGDPRConsentIfNeeded() {
    const isEU = await isEUUser();
    const hasConsent = localStorage.getItem('gdpr_consent');
    
    if (isEU && !hasConsent) {
        document.getElementById('gdprModal').style.display = 'flex';
    } else {
        initializeAds(hasConsent === 'true');
    }
}

function handleGDPRConsent(userConsent) {
    localStorage.setItem('gdpr_consent', userConsent);
    document.getElementById('gdprModal').style.display = 'none';
    initializeAds(userConsent);
}
</script>

Step 3: Pass Consent to SDK

Initialize the SDK with GDPR flags:

JavaScript
async function initializeAds(userConsent) {
    const isEU = await isEUUser();
    
    RewardedAd.init({
        appId: "YOUR_APP_ID",
        apiKey: "YOUR_API_KEY",
        userId: "user_12345",
        
        // GDPR Configuration
        gdprApplies: isEU,           // true if user in EU
        gdprConsent: userConsent,     // true if user accepted
        
        onReward: function(reward) {
            grantUserReward(100);
        }
    });
}

Complete Example

Here's a production-ready GDPR implementation:

JavaScript - Complete
// On page load
window.addEventListener('DOMContentLoaded', async function() {
    const isEU = await isEUUser();
    let userConsent = null;
    
    // Check if user already gave consent
    const savedConsent = localStorage.getItem('gdpr_consent');
    
    if (isEU && !savedConsent) {
        // Show consent popup
        userConsent = await showConsentPopup();
        localStorage.setItem('gdpr_consent', userConsent);
    } else {
        userConsent = savedConsent === 'true';
    }
    
    // Initialize SDK
    RewardedAd.init({
        appId: "YOUR_APP_ID",
        apiKey: "YOUR_API_KEY",
        userId: "user_12345",
        gdprApplies: isEU,
        gdprConsent: userConsent,
        
        onReward: function(reward) {
            grantReward(100);
        }
    });
});

async function showConsentPopup() {
    return new Promise((resolve) => {
        const modal = document.createElement('div');
        modal.innerHTML = `
            <div style="position: fixed; inset: 0; background: rgba(0,0,0,0.8); z-index: 9999; display: flex; align-items: center; justify-content: center;">
                <div style="background: white; padding: 2rem; border-radius: 12px; max-width: 500px; margin: 1rem;">
                    <h2 style="margin-top: 0;">🍪 Privacy &amp; Cookies</h2>
                    <p>We and our advertising partners use cookies and similar technologies to show you personalized ads based on your interests.</p>
                    <p style="font-size: 0.875rem; color: #666;">You can change your choice at any time in settings.</p>
                    <button onclick="handleConsent(true)" style="background: #10b981; color: white; border: none; padding: 0.75rem 1.5rem; border-radius: 8px; margin-right: 0.5rem; cursor: pointer;">Accept</button>
                    <button onclick="handleConsent(false)" style="background: #6b7280; color: white; border: none; padding: 0.75rem 1.5rem; border-radius: 8px; cursor: pointer;">Decline</button>
                </div>
            </div>
        `;
        
        window.handleConsent = function(consent) {
            document.body.removeChild(modal);
            resolve(consent);
        };
        
        document.body.appendChild(modal);
    });
}

Important Notes

  • Consent is binary: User either accepts or declines (no "maybe")
  • Store consent: Save user's choice in localStorage or your database
  • Allow withdrawal: Provide a way for users to change their mind
  • Non-personalized ads: If user declines, only contextual ads are shown
  • Default to false: If unsure, set gdprConsent: false

Testing Your Implementation

  1. Test with consent = true: Verify personalized ads work
  2. Test with consent = false: Verify only contextual ads show
  3. Test consent withdrawal: User changes mind → ads adapt
  4. Test outside EU: Verify gdprApplies: false works

Consent Management Platforms (CMPs)

For advanced GDPR compliance, consider using a CMP like:

  • OneTrust: Enterprise-grade consent management
  • Cookiebot: Popular and easy to integrate
  • Osano: Developer-friendly API

These tools handle consent UI, storage, and reporting automatically.

FAQ

Do I need GDPR if I have no EU users?

No. GDPR only applies to users in the EU. However, it's good practice to offer privacy controls to all users.

What happens if user declines consent?

The SDK will only show non-personalized (contextual) ads. These may have lower fill rates and CPMs.

Can I force users to accept?

No. "Cookie walls" (forcing consent to access content) are illegal in most EU countries.

How often should I ask for consent?

Once is enough. Store the choice and respect it. Only re-ask if your privacy policy changes.
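
The withdrawal rule under Important Notes and the re-ask rule in this answer can both be backed by a versioned consent record instead of a bare 'true'/'false' string. This is an added example, not BZZE SDK code: POLICY_VERSION, the record shape, the function names and the reinit callback are assumptions; only the gdpr_consent key comes from this page.

```javascript
// Added example (not part of the BZZE SDK). Names and record shape are assumptions.
const CONSENT_KEY = 'gdpr_consent';   // storage key used on this page
const POLICY_VERSION = '2024-01';     // constructed value; bump when your privacy policy changes

// In-memory stand-in for localStorage so the example also runs outside a browser.
function memoryStorage() {
    const m = new Map();
    return { getItem: k => (m.has(k) ? m.get(k) : null), setItem: (k, v) => { m.set(k, String(v)); } };
}

// Returns the stored record, or null when nothing valid is stored.
// Legacy 'true'/'false' strings and malformed or edited values all count as "no decision".
function readConsent(storage) {
    try {
        const rec = JSON.parse(storage.getItem(CONSENT_KEY));
        const ok = rec !== null && typeof rec === 'object' &&
            typeof rec.consent === 'boolean' && typeof rec.policyVersion === 'string';
        return ok ? rec : null;
    } catch {
        return null;
    }
}

function writeConsent(storage, consent, now = new Date()) {
    const rec = { consent: consent === true, policyVersion: POLICY_VERSION, decidedAt: now.toISOString() };
    storage.setItem(CONSENT_KEY, JSON.stringify(rec));
    return rec;
}

// Ask (again) when there is no valid record or it was given under an older policy version.
function needsPrompt(storage) {
    const rec = readConsent(storage);
    return rec === null || rec.policyVersion !== POLICY_VERSION;
}

// Value for the SDK's gdprConsent flag: true only for a valid, current, affirmative record.
function effectiveConsent(storage) {
    const rec = readConsent(storage);
    return rec !== null && rec.policyVersion === POLICY_VERSION && rec.consent === true;
}

// Withdrawal: record an explicit decline, then hand the new flag to the caller's re-init hook.
function withdrawConsent(storage, reinit) {
    writeConsent(storage, false);
    reinit(effectiveConsent(storage));
}
```

In the browser, pass localStorage as storage and, as reinit, a function that re-applies the flag, such as this page's initializeAds.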
