Top 5 privacy challenges for Apps and Games publishers in 2024

Consumers downloaded 255 billion mobile apps to their devices last year, and in the same year the mobile gaming market was worth US $140.5 billion. Most of us are online on the go, so it’s incredible that the mobile apps and gaming market has lagged behind on data privacy for so long. Not anymore.

Sure, increasing regulation, consumer demand, and the influence of big tech companies has helped drive prioritization and adoption of data privacy and consent management in mobile apps and games. But the real driver is revenue. Publishers and developers are realizing that data privacy compliance is great for the bottom line.

The mobile app and game industries have seen a lot of change in 2023, and it’s not slowing down. Let’s take a look at the challenges mobile publishers are facing in 2024.

User consent for collection of personal data in apps and games has often been, at best, a mere formality, if it was addressed at all. But it is evolving to form a central pillar of development and marketing operations. Increasing global awareness about digital privacy and concerns about control and protection of data are driving this shift, accompanied by increasing coverage of privacy regulations.

Additionally, pressure from business sources like premium advertisers and Google is increasing. They are insisting on proof of consent to enable access to top tier inventory, making consent a direct driver of monetization and ongoing revenue.

Developers taking a privacy-first approach to apps and games will not only contribute to revenue generation, but it’s also important to build trust and improve user experience. Organizations that make privacy by design central to their operations are setting themselves up for success, in terms of avoiding regulatory violations, meeting critical partner requirements, and in attracting and growing a dedicated audience.

Learn more: Mobile app monetization: Google AdMob in the mobile advertising market

The Digital Markets Act (DMA) is also bringing major changes to European digital markets, as the designated gatekeeper companies — Alphabet, Amazon, Apple, Bytedance, Meta, and Microsoft — which have billions of mobile users among them, have new data privacy responsibilities.

To achieve DMA compliance, these companies will need to require compliance actions from third parties that use their platforms and services as well. So companies that want to continue advertising with Google or Facebook, for example, will need to ensure that they not only obtain valid consent from users, they need to be able to signal it to the gatekeepers’ platforms.

One of Google’s requirements to meet this is the latest version of Google Consent Mode to enable consent signaling, and the use of a Google-certified consent management platform (CMP) on websites and apps, with Consent Mode activated.

Learn more: Usercentrics CMP supports Google Consent Mode V2

The IAB’s latest version of the Transparency and Consent Framework, the TCF 2.2, was launched in 2023, and it brought a number of challenges to mobile advertising. The latest rules require app publishers to capture consent for cookies or mobile identifiers to deliver personalized and non-personalized ads.

Learn more: TCF v2.2 and Mobile Advertising: Adapting to the new landscape for app publishers

Additionally, in 2024, Google will also be requiring publishers using its products — including Google AdSense, Ad Manager, or AdMob — to use a Google-certified CMP when serving ads to users in the EU, EEA or UK. Certified CMPs will also need to integrate with the TCF 2.2.

Learn more: Usercentrics is among the first CMPs to receive Google’s new certification for publishers

It’s increasingly common for us to have multiple mobile devices and to engage with apps on all of them. It’s annoying when each platform doesn’t “talk” to any of the others, however. We want seamless online experiences, and personalized ones at that, but we want to be in control.

Consumers are increasingly willing to take their business elsewhere and uninstall apps if they don’t feel like their privacy is respected. Research has shown two-thirds of mobile users have uninstalled an app over privacy concerns.

Conveniently, data portability is a key right in many modern data privacy laws, which makes it even easier for consumers to switch platforms and apps to those that they trust.

Managing data privacy and consent across devices becomes more complex as more platforms are introduced. Especially since operating systems may change, and when all of our apps come from different publishers with different technical capabilities.

App publishers need to develop sophisticated mechanisms to track users across devices, while at the same time respecting user privacy and recognizing consent preferences on all platforms. As required by a number of regulations, apps also need to enable users to change or withdraw previously given consent at any point in the future, which would need to be respected across platforms.

Data collection that’s been going on would also need to be stopped immediately if consent was revoked, which would also need to be communicated to all relevant devices and apps.

Artificial intelligence (AI) is inescapable these days, and AI is being integrated into mobile apps as well. As with other platforms, this has raised privacy concerns with increased use of automated decision-making and targeted profiling. Some data privacy laws require explicit user consent before any automated decision-making happens, and ban it entirely for users who are children or when sensitive personal data could be used.

Publishers need to ensure that they communicate transparently with users, so people know if AI tools or algorithms are in use, for what purposes, what data they use, what decisions may be driven by them, and who may have access to the resulting information.

Users also need to be given the ability to opt out of AI-driven decision-making, like targeting or personalization, if they are not protected by privacy regulations with an opt-in model where consent is required to use AI tools in the first place.

It has been entirely too common for publishers to collect all the data they want, without obtaining consent from users or even notifying them. But users typically also haven’t known what happens with their data or who else has access to it.

Even now, users will be faced with notices that request consent to share user information with “trusted partners”, not including the details that some companies can have hundreds of third-party “partners”.

As privacy regulations tighten up globally, app and game developers and publishers will need to become far more careful and strategic about managing consent, but also about which third parties, including advertisers, have access to the data. Even if app and game providers are transparent about consent requests at a granular level, and list out all their third-party partners, users may be anything but inclined to say yes upon seeing an endless scroll of companies they’ve never heard of that are hungry for their data.

Beyond that, sometimes additional parties are nested in functionality, for example, in some marketing cookies, so even more entities than can be seen could be in line for users’ data without users’ knowledge. Only deep scanning can bring the full complement of data processing services to light.

Publishers and developers may need to put more rigorous vetting practices in place for third-party partners, advertisers, and others, and put extra effort into ensuring consent policies and mechanisms are detailed enough to meet the “informed” requirement of many laws’ conditions for valid consent.

Gartner has predicted that 75% of the world’s population will have data privacy protections by the end of 2024. Data privacy is no longer a niche crusade by a few organizations or governments. Some regions, like in the European Union, have multiple laws to protect consumers and their right to privacy.

Commonly, data privacy laws protect residents of the region where they are enacted, and are extraterritorial. This means that a European Union law like the General Data Protection Regulation (GPDR), for example, protects the personal data of residents of the EU. It doesn’t matter if the companies that want access to that data are based in the EU or not. If they have EU-based visitors, users, customers or players, they have to comply with the GDPR.

This has enormous potential implications for mobile apps and games, because consumers online can be located anywhere, especially mobile app users. So a single developer or publisher located in the United States, for example, may have app users around the world, and thus responsibilities for data privacy compliance with any number of non-US privacy regulations.

While geolocation functionality can help with displaying the correct information and consent options to the right user at the right time, it’s still potentially a piecemeal approach. Robust and flexible data privacy frameworks are needed that can be adapted to regional, national, or industry-specific laws.

This will enable publishers to stay focused on their core business while being able to adapt their data privacy and consent operations as laws change. Especially since many small shops do not have significant targeted technical or legal expertise in-house for constant data privacy compliance maintenance.

The need for user consent has become unavoidable, with regulations, user expectations, and business requirements. You don’t need user consent to get app and game installs, but more and more consumers will uninstall apps if they have data privacy concerns. And to be able to monetize your apps and games, consent is required.

Smart publishers don’t see consent as a necessary evil. They are embracing data privacy and consent management, making them central to their operations. Consent is driving acquisition of quality user data, downloads, long-term customer loyalty, monetization strategies and revenue growth.

Smart developers and publishers are building with a privacy-first approach that will protect their operations from fines and other penalties now and in the future. But it will also streamline operations to enable them to easily adapt to the changing technical and legal landscape, while staying focused on their core business and attracting premium advertisers for greater revenue opportunities. Achievement unlocked.