User acquisition and player retention is a core aspect for any mobile game. In such a saturated market it’s essential to be able to pull in users, and have them stick around. Some mobile game developers and publishers find themselves taking the risk bypassing user privacy for fear of impacting these core stats. However, as of next year changes are incoming that will make user consent high on the agenda for mobile games companies.

In this guest post, global director of apps solutions at Usercentrics, Valerio Sudrio looks at the twin threats of the Digital Markets Act and Google’s privacy sandbox and discusses the impact these new privacy initiatives will have on mobile games publishers and developers in 2024.


Ninety percent of app makers still ignore user consent. The EU’s Digital Markets Act will compel them to change. So is DMA the end of the world – or an opportunity?

The takeaway was clear: get serious about user consent, or you can forget about publishing with us.

Valerio Sudrio

In the summer, Google placed a notice on the accounts of its AdMob-using app developers. It read: “Later this year, Google will require all publishers serving ads to EEA and UK users to use a Google-certified Consent Management Platform.”

The message was unobtrusive. But the takeaway was clear: get serious about user consent, or you can forget about publishing with us.

Why would Google do this? After years of advice about user privacy and consent, why the sudden compulsion?

Here’s a good reason: 28.2 billion dollars.

This is 10 percent of Google’s annual revenue, and it’s the exact figure Google will have to pay in fines to the EU if it breaches the privacy rules in its forthcoming Digital Markets Act (DMA). And here’s the thing: the law makes Google responsible not just for its own actions but for the actions of everyone on its platform.

So if you breach, it breaches.

An industry survey from April 2023 found that 90 percent of mobile games developers had failed to comply with privacy regulations such as GDPR

Valerio Sudrio

New year, new rules

Google’s scary notice obviously spooked many mobile game developers. Without question, many of them had previously kicked the issue of consent into the long grass. Indeed, an industry survey from April 2023 found that 90 percent of mobile games developers had failed to comply with privacy regulations such as GDPR – despite the threat of hefty fines for non-compliance. They clearly believed that asking users for consent kills engagement/conversions. Better to ignore it.

However, the Admob notice confirmed that the days of avoiding consent and hoping for the best are coming to an end. In fact, developers have until January 2024 at the latest before the regulators close in. Why January? Well, it all comes back to the Digital Markets Act. So, let’s recap.

All about the EU Digital Markets Act

The DMA was conceived as a measure to limit the power of big tech. The EU had observed the rise of platform ‘gatekeepers’ and their potential to abuse their monopolistic positions. In the app space, this covered ‘unfair’ practices such as:

  • Controlling payment processing
  • Charging punitive revenue shares
  • Demanding payment for user acquisition
  • Privileging their own products and services
  • Arbitrarily removing developers from the platform

By acting on all of the above, the DMA might be good news for developers. It can certainly give them more flexibility and better margins.

But then there’s the data privacy aspect. The act makes clear that gatekeepers must obtain “explicit consent for collection and usage of European citizens’ personal data”. And, as stated, that includes data gathering by third parties on their platforms.

The EU passed the DMA in June 2022 and entered it into force in November. However, the EU didn’t designate gatekeepers (Google is one of them) until September 2023. It says it will fully apply the law from March 2024.

In advance of that deadline, Google has decreed that its new consent management platform requirements will take effect on 16 January 2024. So that gives games/app developers just a few weeks until consent becomes non-negotiable.

But it’s not just the DMA increasing pressure to get serious about privacy.

Pressure is coming from all directions

The days of evasion are over. In 2024, mobile game publishers and developers must shift toward a more positive view of user consent.

Valerio Sudrio

There’s also a self-policing initiative by the Internet Advertising Bureau Europe (IAB). The Transparency & Consent Framework (TCF) is an accountability tool that facilitates compliance with the EU’s ePrivacy and GDPR regulations. TCF lets users grant or withhold consent and exercise their ‘right to object’ to data being processed. Yes, it’s voluntary, but the TCF piles more pressure on publishers to seek consent.

In the meantime, the platform owners are taking their own defensive actions. Google is rolling out its Privacy Sandbox, an Android initiative to “limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID.”

Apple is getting tough as well. In July 2023, it announced it would crack down on fingerprinting. This lets developers gather user data such as screen resolution, model, OS and more to create a unique fingerprint that can identify an individual user. Apple said that from Spring 2024, “apps that don’t describe their use of required reason API in their privacy manifest file won’t be accepted by App Store Connect.”

The days of evasion are over. In 2024, mobile game publishers and developers must shift toward a more positive view of user consent.

Everyone wants a re-set

The takeaway is obvious. DMArmageddon is coming. But it needn’t be the end of the world.

Valerio Sudrio

Evidence suggests that the public is ready for a fresh approach. Mobile gamers have grown used to apps that do not explain how their personal data is used and then bombard them with poorly targeted ads. They want something better. This explains the growing belief that a well-executed consent policy can improve player trust rather than turn people off.

Advertisers feel the same way. They want brand-safe environments populated by games that provide ad networks with consented data. Couple this with more zero-party data, where players explicitly and willingly provide their personal information, and everyone wins.

The good news is that specialist help is out there for developers who are serious about consent. Google appears to be aware of the need to bring developers on board. It has published plenty of guidance on consent gathering, including a list of certified content management platforms (CMPs).

The takeaway is obvious. DMArmageddon is coming. But it needn’t be the end of the world.

Edited by Paige Cook

 


Discover more on user transparency at Pocket Gamer Connects. In this video from Pocket Gamer Connects London in 2023, Maggie Mesa, SVP Global Sales & Revenue at Chartboost, tells us why trust and transparency are crucial to your ad monetisation strategy.