Aurion11’s Compliance Solution is a standalone solution that can be integrated into Android or iOS apps and is controlled by a robust backend governance system offering a multitude of features. It encapsulates the business logic required by the legal requirements of the supported legislations.
It’s important to note that this business logic is managed by legal experts and should be customized on a per-publisher basis. As a publisher, O7 has made its own decisions regarding legal compliance, and the same flexibility applies to other publishers using Aurion11’s Compliance Solution.
More than consent management platform
It’s important to recognize that Aurion11’s Compliance Solution is more than just a consent management platform – it takes a comprehensive, global approach to various legislations. It supports both opt-in regulations (e.g., CMS for TCF 2.2, LGPD) and opt-out regulations (e.g., COPPA). Aurion11’s Compliance Solution manages the entire process, from determining the legal restrictions based on the user’s location, collecting their privacy preferences, to delivering this information to the app that integrates the module. Currently the list of supported legislations are: GDPR (TCF 2.2), LGPD, COPPA, CPRA, PIPL, ROTW (rest of the world).
Note: New legislation support can be added easily in case of specific needs on the market.
Legislation resolving
Aurion11’s Compliance Solution assigns the appropriate legislation to each user based on the user’s location or location overrides. Based on the user’s resolved legislation, appropriate privacy preferences are collected in order to determine user’s legislation restrictions within the app.
Note: Geo IP location resolving is used for this purpose so there is no need for precise geo location information collection.
Age screening
To make regulatory-compliant decisions about how a publisher’s user data is processed, age information may be required, depending on the publisher’s user base. Publishers categorized as having a mixed audience must implement age screening.
Aurion11’s Compliance Solution provides a flexible solution for collecting user age data in a privacy-conscious manner. Like all privacy preference collection steps within Aurion11’s Compliance Solution, this process is configurable and can be enabled or disabled based on specific legislative requirements in different countries or the publisher’s needs.
Age screening involves collecting the user’s age information, which is then used to assign the user to an appropriate age group—such as child, teen, or adult. The age limits for these categories are configured according to the legal requirements of various regions, though publishers have the option to override these limits.
Note: The age is not stored on any backend system or shared with any part of the mobile app without explicit permission or intention by the publisher using Aurion11’s Compliance Solution.
Collection of end user’s privacy preferences
The process of collecting user privacy preferences involves gathering information about users’ privacy choices in the form of consent or opt out choices. The specific preferences collected are determined by the legal requirements of each legislation and the publisher’s decisions on how to manage user data.
Throughout the collection process, various screens are presented to the user to collect consent or opt out choices. The publisher has the option to use the information collected about the user (e.g., user age from the age screening step) to enable or disable certain consent collection steps or even configure custom consent screen setups and rules.
The gathered privacy preferences are securely stored on the client, ensuring user privacy, and are then used for decision-making within the module’s business logic (such as compliance checks).
Consent management system
For opt-in legislations (GDPR, LGPD), Aurion11’s Compliance Solution offers an integrated consent management system:
- For the EEA region - IAB TCF 2.2 registered CMS and Google certified CMS.
- The Google Additional consent string - additional consent collection support for Google’s non IAB partners.
- For non-EEA regions (e.g. Brazil) - consent management system supporting collection of consents for the partners the publisher is working with.
The above screens illustrate how TCF 2.2 consent collection can be configured in Aurion11’s Compliance Solution. The screens are customizable to align with the publisher’s branding, and importantly, publishers can also display specific legal notices as needed.
Opt out management system
In the opt-out legislations (e.g. COPPA), Aurion11’s Compliance Solution provides screens for opting out of interest based advertising.
UI customizations
All of the preferences collectors can be customized based on different UI requirements. Different texts and visual elements can be used.
Note: For the TCF 2.2 collector, the customizations still need to be in line with the TCF 2.2 policies.
Compliance signals for ad monetization
Aurion11’s Compliance Solution determines the type of ad traffic that can be served to the user based on their privacy preferences. For ad monetization, it specifies whether the user is eligible for contextual advertising only, or if interest-based advertising can also be shown. This decision can be made by considering the user’s age screening information and privacy preferences.
Note: The information about what kind of ad traffic can be served to the user is retrieved from Aurion11’s Compliance Solution by the publisher app and then used accordingly in the integration process with the publisher’s ad monetization system.
Compliance business logic - compliance checks
The user’s privacy preferences are converted into the relevant business logic provided to apps integrating Aurion11’s Compliance Solution. Compliance checks are translations based on the correct legal interpretations of each specific legislative requirement and are managed by the legal team.
Compliance checks are made available to the publisher’s app and are triggered whenever a feature with potential legal implications is accessed. This allows app developers to focus on app development without having to worry about the underlying legal requirements and business logic.
These compliance checks take into account the privacy preferences publisher chooses - these can be user’s age, consent and/or opt-out information and any additional legal requirement for a specific regulation that the user was resolved to.
A few examples of compliance checks that can be used by the publisher app:
- is interest based advertising allowed
- is in app purchase allowed
- is app rating dialogue allowed
- is third party user account allowed
- …
Note: The initial list of compliance checks represents current legal challenges Aurion11’s Compliance Solution apps are facing. The list can be expanded with additional compliance checks. Also the compliance checks business/legal rules can be adjusted based on the publisher’s legal interpretations.
iOS App Tracking Transparency Framework compatibility
Aurion11’s Compliance Solution is aligned with the iOS ATT framework requirements. ATT popup is driven by Aurion11’s Compliance Solution and the information the user enters is incorporated into the user’s privacy preferences information.
First party data collection
Aurion11’s Compliance Solution provides screens for collecting first party data. The support for collecting user’s gender is available, but based on specific needs, also other 1st party data collectors can be added.
Note: 1st party data is stored within the Aurion11’s Compliance Solution on the client and can be used by the publisher app for specific use cases the publisher has.
User privacy lifecycle support
With Aurion11’s Compliance Solution integrated into an app, the entire user privacy lifecycle can be managed. Upon the app’s first launch, Aurion11’s Compliance Solution gathers the user’s privacy preferences based on the legislative requirements that apply to them.
During subsequent interactions with the app, the app can retrieve the relevant privacy-related information and logic from Aurion11’s Compliance Solution.
Note: The logic related to the legal requirements is consolidated to one module, centrally driven and maintained, with the actual logic ownership under the legal team.