For years, many app developers have side-stepped privacy regulations like the GDPR. But they won’t be able to ignore the EU’s upcoming Digital Markets Act. That’s why it is time to get serious about user consent.
Regulators have tried repeatedly to make digital content creators more respectful of user privacy. They have had some success. But plenty of creators still ignore the rules. The EU’s Digital Markets Act (DMA) promises to be different: for one simple reason. It targets gatekeepers, rather than developers. These giant tech firms won’t risk huge fines and reputation damage because of the actions of third parties. They will demand compliance from any developer using their platforms.
It’s why mobile insiders are bracing themselves for what they call DMArmageddon.
But are they right? Is the DMA really the end of the world? Or can app developers make relatively small changes, and even come out stronger after complying?
We think they can. The secret? Using an in-game Consent Management Platform (CMP) to abide by the rules and gather a large and trusting audience.
...the truth is that game publishers have mostly ignored these rules.
Keeping on top of the gatekeepers
But before we get into that, let’s explore exactly what the EU Digital Markets Act is, and why it’s such an important regulation.
The DMA became law in November 2022, and will be enforced as of March 2024. The EU proposed the law because it was concerned about the rise of big tech ‘gatekeepers’ and the risk that they can abuse their powerful positions in digital markets. Among other things, the EU wants to return control back to the consumers that use these services. The DMA has multiple provisions on privacy and compels gatekeepers such as Apple and Google to obtain “explicit consent for collection and usage of European citizens’ personal data”.
Crucially, this includes data gathering by third parties that use their platforms. This includes mobile apps and games developers.
Digital Markets Act and user consent: this time it’s serious
Now, this is obviously not the first time regulators have passed privacy laws. We all know about the GDPR et al. But the truth is that game publishers have mostly ignored these rules. Indeed, an industry survey from April 2023 found that 90 percent of mobile developers failed to comply with privacy regulations, despite the threat of large fines for noncompliance.
Can they do the same for the DMA? No, they can’t. This time around, the gatekeepers will be enforcing compliance from third parties using their platforms for advertising and other key functions.
They are taking the law extremely seriously. Take Google, for example. In the summer, the company mandated that “all publishers serving ads to EU, EEA and UK users must use a Google-certified Consent Management Platform.”
Why the sudden urgency? Because the EU has promised to fine gatekeepers up to 10 percent of their annual revenue if they breach the DMA. For Google, that adds up to $28.2 billion. Repeated infringements could nudge the number to 20 percent. In light of this, the gatekeeper companies aren’t going to take unnecessary risks. They can simply remove third parties that don’t comply from their platforms. Say goodbye to ad revenue, audience access, critical data, and more.
Hence the phrase ‘DMArmageddon’.
...an industry survey from April 2023 found that 90 percent of mobile developers failed to comply with privacy regulations.
And actually, the DMA is not the only regulatory asteroid barrelling towards games developers. Legislators in other parts of the world are rolling out similar privacy protections. Gartner predicts that, by the end of 2024, 75 percent of the world’s population will have their data and privacy protected by regulation.
Clearly, it’s time for game developers to start taking user consent seriously. Where can they start?
Google's Response: Unveiling Consent Mode
As the DMArmageddon looms, developers will be looking for instructions from the gatekeepers on what to do. Google has been the first to step up. With Google Consent Mode (V2), it is trying to help app developers to navigate the impending privacy storm, especially those relying on Google Firebase for Analytics.
Google Consent Mode indicates whether consent has been granted for Google Analytics and Google Ads cookies. By incorporating it, developers can align their applications with the principles of the Digital Market Act while preserving the functionality of their Google tools.
Digital Markets Act: key steps for app developers
The DMA is nearly here. Unlike other regulations, it cannot be ‘kicked into the long grass’. Developers must take action. We recommend two simple steps.
- Adopt Google Consent Mode immediately. Especially if you are using Google Firebase for Analytics. This proactive step will help ensure your continued access to analytics services and fortify your defences against evolving privacy regulations and new ones on the horizon.
- Consider using a certified consent management platform (CMP). The best CMPs are designed to comply automatically with Google DMA requirements. Usercentrics is one of Google’s officially-sanctioned CMPs. In June 2023, it was certified for use by publishers serving ads to users in the EU, EEA or UK.
Remember, the DMA and Consent Mode are just the start of a wider privacy clampdown. More changes will be coming this year (e.g. Apple new privacy features, Android Privacy Sandbox) so it is important to be ready.
So, the DMArmageddon ‘asteroid’ is coming. But there’s no need to despair. Instead, make privacy part of your strategy. You can avoid the end of the world, and start a brave new one.