Consumer privacy act compliance

All versions of the Unity Ads SDK are compliant with the following consumer privacy acts:

  • The California Consumer Privacy Act (CCPA), which is effective in California starting January 2019.
  • The Virginia Consumer Data Privacy Act (VCDPA), which is effective in Virginia starting January 2023.
  • The Colorado Privacy Act (CPA), which is efffective in Colorado starting July 2023.
  • The Connecticut Data Privacy Act (CTDPA), which is effective in Connecticut starting July 2023.
  • Quebec Law 25 (QCLAW25), which is effective in Quebec, Canada starting September 2023.
  • Utah Consumer Privacy Act (UCPA), which is effective in Utah starting December 2023.

Visit our legal site for more information on Unity's approach to privacy.

The recommended best practice is to update to the latest version of the Unity Ads SDK, but this is not required, but this is not required for CCPA, VCDPA, CPA, CTDPA, Quebec Law 25, and UCPA compliance.

SDK versions 2.0 and later automatically present affected users with an opportunity to opt in to targeted advertising, with no implementation needed from the publisher. On a per-app basis, the first time a Unity ad displays, a banner provides the option to opt in to behaviorally targeted advertising. Thereafter, the user can select an information button to manage their privacy choices.

If you implement a custom consent solution in your app, you must send your users’ consent statuses to the Unity Ads SDK.

If a publisher or mediator sends us a value via the Developer Consent API, the Unity opt-in does not display. Note that users can still request opt-out or data deletion, and can access their data at any time during an ad display by selecting the Unity Data Privacy icon.

Use the following API to pass a consent flag to the Unity Ads SDK.

Note: If you have already implemented the gdpr API to solicit consent, you can also extend your implementation to users affected by CCPA, VCDPA, CPA, CTDPA, Quebec Law 25, and UCPA. Similarly, the privacy API can apply to GDPR when extended to affected users.

Tip: If the user takes no action to agree or disagree with targeted advertising (for example, closing the prompt), the recommended best practice is to re-prompt them at a later time.

Unity (C#)

// If the user opts in to targeted advertising:
MetaData privacyMetaData = new MetaData("privacy");
privacyMetaData.Set("consent", "true");
Advertisement.SetMetaData(privacyMetaData);

// If the user opts out of targeted advertising:
MetaData privacyMetaData = new MetaData("privacy");
privacyMetaData.Set("consent", "false");
Advertisement.SetMetaData(privacyMetaData);

Note: You must commit the changes to the MetaData object for each value before trying to set another value. The second parameter is an object (a string in this example). Using a Boolean value will result in an error.

iOS (Objective-C)

// If the user opts in to targeted advertising:
UADSMetaData *privacyConsentMetaData = [[UADSMetaData alloc] init];
[privacyConsentMetaData set:@"privacy.consent" value:@YES];
[privacyConsentMetaData commit];

// If the user opts out of targeted advertising:
UADSMetaData *privacyConsentMetaData = [[UADSMetaData alloc] init];
[privacyConsentMetaData set:@"privacy.consent" value:@NO];
[privacyConsentMetaData commit];

Note: You must commit the changes to the MetaData object for each value before trying to set another value.

Android (Java)

// If the user opts in to targeted advertising:
MetaData privacyMetaData = new MetaData(this);
privacyMetaData.set("privacy.consent", true);
privacyMetaData.commit();

// If the user opts out of targeted advertising:
MetaData privacyMetaData = new MetaData(this);
privacyMetaData.set("privacy.consent", false);
privacyMetaData.commit();

Note: You must commit the changes to the MetaData object for each value before trying to set another value.