IBM Mobile App Messaging supports General Data Protection Regulation (GDPR) requests for erasure. When a GDPR request for erasure is made by a user, Watson Campaign Automation (WCA) customers can use the GDPR Right to Erasure API to erase the user’s personal data from WCA, Mobile Customer Engagement (MCE), and the user’s device. The API sets the user’s status to “GDPR forget” and the SDK’s state to “GDPR reset”. If the SDK is not re-registered with the MCE server, the SDK stops performing specific functions for the user, such as:

  • Delivering mobile app messages
  • Updating and deleting user attributes
  • Sending events
  • Displaying inbox messages and in-app messages

To determine “GDPR reset” state, developers can check the response/callback from the following APIs:

  • iOS – MCERegistrationDetails.sharedInstance.userInvalidated
  • Android – MceApplication.onSdkReinitializeNeeded
  • Cordova – MCEPlugin.userInvalidated
  • Xamarin.Forms – SDK.Instance.UserInvalidated

Responding to users in “GDPR reset” state

If “GDPR reset” state is true, you can use the autoReinitialize option to specify how the SDK behaves after erasing the user’s personal data. In iOS, Android, and Xamarin, the option is set in MceConfig.json, and in Cordova, the AUTO_REINITIALIZE variable is set when adding the Cordova plug-in.

Set autoReinitialize to one of the following values:

  • true (default value) – Automatically registers the SDK with MCE and obtains a new userId and channelId for anonymous application use when the application is next brought to the foreground. The SDK resumes functions, such as delivering messages and sending events, and collects the user’s personal data anonymously.
  • false – Restricts the SDK from automatically registering with MCE. Developers must decide how they want the SDK to respond on application startup. For example:
    • Continue to restrict SDK functionality and data collection for the user.
    • Request permission from the user to collect data anonymously. If the user grants permission, the developer can re-enable MCE integration, re-register with MCE, and start collecting new user ids. See the following sections for instructions for your platform.
      iOS
      Execute the MCESdk.sharedInstance.manualInitialization method in iOS.

          if(MCERegistrationDetails.sharedInstance.userInvalidated) {
              [MCESdk.sharedInstance manualInitialization];
          }
      

      Android
      Override MceApplication.onSdkReinitializeNeeded by calling the MceApplication.reinitialize method.

      If you want to override the application, you can call Mce.init with a SdkInitLifecycleCallbacks instance that implements onSdkReinitializeNeeded.

                  @Override
                  public void onSdkReinitializeNeeded(Context context) {
                      // In this method the decision whether to reinitialize the sdk is made
                      boolean reInit = shouldReinitializeSdk();
                      if(reInit) {
                          MceApplication.reinitialize(context);
                      }
                  }

      Cordova

      MCEPlugin.userInvalidated(function(invalidated) {
      	if (invalidated) {
      		MCEPlugin.manualInitialization();
      	}
      });

      Xamarin.Forms

       if (SDK.Instance.UserInvalidated())
                  {
                      SDK.Instance.ManualSdkInitialization();
                  }

    Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.

    The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

    Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings here: https://ibm.com/gdpr

    Join The Discussion

    Your email address will not be published. Required fields are marked *