What is the O7 Compliance module
The O7 Compliance module (O7CM) is a module that centralises all the legal and privacy business logic for a mobile app/game.
It was implemented as an answer to the ever-evolving requirements that mobile app/game developers face as new legal requirements emerge in different markets.
The need to adhere to the legal requirements in order to retain presence on the market poses a complex and resource-intensive challenge to the game development process. Therefore, O7 has invested some resources into developing a module that is distributed as an (internal) SDK within all the O7 apps and solves all of the privacy-related requirements in a focused manner. This approach bridges the gap between the legal and tech teams and enables the transfer of responsibility to the legal team in an efficient and transparent manner.
What problems does O7CM solve
The O7CM is a standalone module that can be integrated into Android or iOS apps. O7CM encapsulates all the business logic dictated by the legal requirements in the supported legislations. It is important to note that this business logic is managed by the legal experts and can be adjusted on a per-publisher basis if needed. O7 as a publisher has made its own decisions on how to adhere to all the legal requirements, and the same goes for other publishers that would potentially use O7CM.
It is important to understand that O7CM is not only a consent management system - it has a holistic, global approach to many legislations and can support either opt-in legislations (e.g. CMS for TCF 2.2, LGPD…) or opt-out legislations (e.g. COPPA). O7CM supports the whole process, from determining the legal restrictions based on the user's legislation, through collecting the user's privacy preferences, to providing this information to the app integrating the module.
The currently supported legislations are: GDPR (TCF 2.2), LGPD, COPPA, CPRA, PIPL, ROTW (rest of the world).
Note: New legislation support can be added easily in case of specific needs on the market.
Legislation resolving
O7CM assigns the appropriate legislation to each user based on the user's location or location overrides. Based on the user's resolved legislation, appropriate privacy preferences are collected in order to determine the user's legislation restrictions within the app.
Note: Geo IP location resolving is used for this purpose so there is no need for precise geo location information collection.
Age screening
Age screening is the process of collecting the age information from the user. Based on the collected age information, the user is assigned to an appropriate age audience - child, teen, adult… The age limits for the age audience are configured based on the actual age limits for specific legislations and regions. These age limits can also be overridden by the publisher.
The age audience is one of the inputs for the rest of the privacy settings collection process and business logic within the O7CM.
Note: The age is not stored on any backend system or shared with any part of the mobile app without explicit permission or intention by the publisher using O7CM.
Collection of end user's privacy preferences
Based on the user's age audience, O7CM may or may not collect privacy preferences from the user. The kind of preferences collected is dictated by the legal restrictions in each particular legislation. These privacy preferences are then used for further decision making within the module's business logic (compliance checks).
Consent management system
For opt-in legislations (GDPR, LGPD), O7CM offers an integrated consent management system:
- For the EEA region - IAB TCF 2.2 registered CMS and Google certified CMS.
- For non-EEA regions (e.g. Brazil) - a consent management system supporting collection of consents for the partners the publisher is working with.
Opt out management system
In the opt-out legislations (e.g. COPPA), O7CM provides a screen for opting out of interest based advertising.
UI customizations
All of the preferences collectors can be customised based on different UI requirements. Different texts and visual elements can be used.
Note: For the TCF 2.2 collector, the customizations still need to be in line with the TCF 2.2 policies.
Compliance signals for ad monetization
Based on the user's privacy preferences, O7CM determines what kind of ad traffic can be served to the user. For ad monetization purposes, O7CM provides the information whether the user is eligible only for contextual advertising or also for interest based advertising. For this decision, the user's age screening information and the user's privacy preferences are taken into account.
Note: The information about what kind of ad traffic can be served to the user is retrieved from O7CM by the publisher app and then used accordingly in the integration process with the publisher's ad monetization system.
Compliance business logic - compliance checks
The user's privacy preferences are translated into adequate business logic offered to the apps integrating the O7CM. The translation is based on appropriate legal interpretation for each specific legislation requirement and is under the control of the legal team.
Compliance checks are exposed to the publisher app and are used whenever an app feature that potentially has some legal implications is accessed. This way the app developers do not have to deal with the actual legal requirements and the business logic behind them, and can focus on app development.
A few examples of compliance checks that can be used by the publisher app:
- is interest based advertising allowed
- is in app purchase allowed
- is app rating dialogue allowed
- is third party user account allowed
- …
Note: The initial list of compliance checks represents the current legal challenges O7 apps are facing. The list can be expanded with additional compliance checks. The business/legal rules of the compliance checks can also be adjusted based on the publisher's legal interpretations.
iOS App Tracking Transparency Framework compatibility
O7CM is aligned with the iOS ATT framework requirements. The ATT popup is driven by O7CM and the information the user enters is incorporated into the user's privacy preferences information.
First party data collection
O7CM provides screens for collecting first party data. Support for collecting the user's gender is available, and other 1st party data collectors can be added based on specific needs.
Note: 1st party data is stored within the O7CM on the client and can be used by the publisher app for specific use cases the publisher has.
User privacy lifecycle support
With O7CM integrated into an app, the whole user privacy lifecycle is supported. When the app starts for the first time, O7CM collects the user's privacy preferences according to the legislation requirements the user is subject to.
In the next phases of user interaction with the app, the app retrieves the information about the privacy-related logic from O7CM.
Note: The logic related to the legal requirements is consolidated into one module, centrally driven and maintained, with the actual logic ownership under the legal team.