KNOWLEDGE BASE

Monetization solutions and consent management for mobile apps

Explore this knowledge base where we deep dive into the ethical way of monetizing your mobile applications. Learn about Quadrant's location data monetization program complete with an integrated CMP. Build a user-centric system that helps you open up an additional revenue stream while staying compliant with data privacy regulations.

App monetization & consent management - Table Of Contents

1- Introduction

2- About app monetization with location data

What is mobile app monetization?

Alternative app monetization methods other than ads

Monetizing your app by sharing anonymised location data

How can you ensure that your users' data is not being used for nefarious purposes?

3- About consent management

What is user consent?

Importance of user consent

Process of consent management

4- About consent management platforms

Why do you Need a Consent Management Platform?

5- Best practices of consent management

6- Quadrant's solutions for app publishers

Monetize your apps ethically with our location data monetization program

Put user privacy at the forefront of your monetization programs 

7- Consultation and FAQs

INTRODUCTION

In today's intricate digital economy, customers have more choices than ever. To remain profitable and maintain sustainable revenue streams, app publishers need to reduce customer churn, retain existing users, and improve their lifetime value. But why do customers turn away from a business?

Modern app users are driven by experience - ease of use, innovation, speed, consistency, and the most important of all, trust. To deliver personalised experiences, businesses leverage data collected on digital platforms like websites and mobile applications. While this data can fuel growth, users will get frustrated and question your business integrity if there are no constraints on using their data. Acknowledging your users, respecting their privacy, and seeking their permission can create exceptional business value with minimum user frustration. However, most business owners are not sure how to address privacy and consent.

The current regulatory environment further complicates things. For example, consent violations under GDPR are classified under the category 'Insufficient legal basis for data processing.' So far, more than 150 fines amounting up to well over €120 million have been levied under this category. The law expects businesses to be compliant, which takes resources away from their primary business activities.

Through the following chapters, we will learn about ethical ways to monetise your apps without ads, know about consent management, and learn how to manage consent in mobile apps so you can build a consistent revenue stream without violating user privacy.

Follow us on LinkedIn to get stay up-to-date on consent management, or contact us to talk to our monetization experts directly.

 


ABOUT APP MONETIZATION WITH LOCATION DATA

1. What is mobile app monetization?

Mobile app developers and publishers use various methods to generate revenue. For paid apps, this is generally more straightforward, as users pay to use these apps. However, for free apps, mobile app publishers need to integrate ads or sell user data to make money.

2. Mobile app monetization without ads

Ads are the most popular methods of monetization for mobile app publishers. However, too many ads are known to cause user frustration and churn. Indeed, many surveys indicate that ad overload is one of the primary reasons users uninstall apps. To retain users, app publishers must look into alternative methods like monetizing anonymous mobile location data.

3. Monetizing your app by sharing anonymised location data from your app

Location data presents a myriad of opportunities for business owners. Understanding the movement patterns of customers helps businesses effectively promote their products and services at the right place, at the right time. Companies get this data from app publishers and developers who collect anonymized GPS signals from mobile devices. With a network of publisher partners, companies like Quadrant collect mobile location data and grow our data volumes. In turn, our mobile app partners generate passive income by becoming data suppliers.

1. Is collecting location data legal?

Unlike user demographic data or any other Personally Identifiable Information (PII) apps collect, Quadrant does not collect any data that can tie back to a user's identity. With the right consent management as required by data privacy regulations like GDPR, CCPA etc., app publishers can share and monetize location data without worrying about infringing on user privacy.

2. Why should you trust Quadrant with your users' location data?

Quadrant is a global leader in location data and intelligence solutions. Our location data is used by companies all around the world to solve a myriad of real-world issues. Large companies leverage it to optimise sales, marketing ROI, and expansion plans. Location data also helps solve challenges such as public transport management, disaster management, social studies, and bridging economic gaps, among many others. Quadrant is the only location data company that leverages blockchain technology to stamp data to its origin, so we know exactly where our data comes from and where it goes. We also provide a free consent management platform that collects and manages the entire lifecycle of user consent within your apps.

4. How can you ensure that your users' data is not being used for nefarious purposes?

The location data collected via your apps is anonymised and does not reveal anything about the user. In fact, companies who purchase data from us do not buy it because of any user data, and most companies use historical data over years or months to understand movement patterns. There's no real-time tracking. The only data that is personally identifiable (according to some regulations) is the ad ids (IDFA or AAOD) from the respective OS providers. Users, however, can easily change this id from time to time, or it is auto-updated when changing or resetting their devices.

Most data scientists use a group of location data points to make conclusions about people's behaviour based on how they move within an area. These are great insights for advertisers and companies looking to make the most of their budgets. Moreover, location data is extensively used to monitor traffic congestions, build better transport systems, ensure the availability of necessities like education, healthcare for underprivileged and underserved sections of the society, build better neighbourhoods in terms of infrastructure and services, create disaster management strategies and many other essential use cases.

Imagine a world where this wealth of data remains untapped just because of the lack of clarity about the data market. Misuse of user data is not unheard of; however, when ethically sourced and with the correct compliance measures, anonymised location data does not infringe user privacy.


ABOUT CONSENT MANAGEMENT

Used properly, data can potentially cure cancer, close the wage gap, and prevent us from catching an infectious disease (like Covid-19). But the misuse of personal data is all too common. In the last few years, we have seen many examples where businesses and governments violated the spirit - and often the letter - of privacy laws.

The data breach at Equifax, the Facebook–Cambridge Analytica data scandal, reports about audio data collected by smart speakers like Amazon Echo, privacy concerns around DNA data collected by 23andMe, and countless other incidents have escalated people’s concerns around the misuse of their personal information.

As a result, regulatory bodies worldwide have introduced strict compliance mandates to control how businesses collect and manage data. Data collectors should obtain explicit consent from consumers before using their personal information, and failure to comply can lead to monetary fines, reputation damage, and lawsuits.

Over 100 countries have enacted data privacy laws, of which at least 41 mention user consent specifically. Some of the regulations that have stringent conditions for gathering user consent are:

  • 1- European Union's General Data Protection Regulation (GDPR)
  • 2- California Consumer Privacy Act (CCPA)
  • 3- Brazilian General Data Protection Law (LGPD)
  • 4- Australia's Privacy Principles/Privacy Act (APP)
  • 5- Singapore's Personal Data Protection Act (PDPA), and more.

1. What is User Consent?

Regulations define “user consent” differently.

Broadly speaking, user consent is the agreement for storing, using, and transferring an individual's data by businesses, researchers, healthcare providers, and more.

For a long time, data acquisition on digital platforms was mostly unregulated. Simply visiting or browsing websites or mobile applications was considered as implied consent for data processing and usage.

However, the increase in the collection of people's private information for business gains brought along concerns around data rights and privacy. Under various data privacy regulations, the processing of user data requires explicit informed consent. Apart from being a regulatory requirement, explicit user consent has now become the baseline for the ethical use of data to deliver personalised offerings, create meaningful conversations, or simply improve customer experience.

2. The Importance of User Consent

The data collected on digital platforms can provide powerful insights, helping businesses make better, profitable decisions. But with the increased awareness and concerns around data privacy, you now need permission to use your user's data. 

Establishing a framework for ethical use is critical, especially when it comes to personally identifiable information. Data privacy laws like GDPR, CCPA, etc. have highlighted this need for privacy and how user data should not be considered a free-for-all resource. These regulations put the users in control of their information, and there are strict penalties for processing their data without valid consent.

Moreover, user-consent is the new currency of trust. To earn consumers' trust and business, companies need to exhibit their seriousness towards data integrity.

In a recent report, Gartner predicts that in 2023, brands that put in place user-level control of marketing data will reduce customer churn by 40% and increase lifetime value by 25%. Customer churn can be reduced by giving users more control, not less, over their data.

Ref: Gartner Predicts 2019: In Search of Balance in Marketing

3. The Process of Consent Management

We have established the need for ethical data use and introduced the concept of consent. In practical terms, businesses need to build a new a whole new process of gathering user consent and handling its entire lifecycle within your digital platforms.

This process is called Consent Management. It helps your business to gain consumers’ consent to use, store, manage, and share their data while allowing them to modify or opt-out of their earlier preferences at any point in time.

Step 1 – Inform your users that their data is being collected.
Step 2 – Provide them information about what data points are being collected.
Step 3 - Allow users to decide if they agree to the specific purposes of data processing.
Step 4 – Record consent data in an accessible format with a timestamp.
Step 5 – Allow users to change previous permissions or to withdraw consent.
Step 6 – Provide users with options to request access or deletion on their data.

But how do you build these settings and capabilities into your digital products and websites? How do you efficiently record, manage, and lawfully process user data? How do you provide your users with the option to modify or opt-out of earlier agreements and maintain an accurate record of consent-related activities?


ABOUT CONSENT MANAGEMENT PLATFORMS

What is a consent management platform? A Consent Management Platform (CMP) is an automated solution that manages the entire lifecycle of permissions around the usage of an individual’s personal data. A CMP helps you...

      • - Manage the entire lifecycle of the choices a user makes with your digital platform. 
      • - Save time, cost, and effort required to manage consent manually. 
      • - Build user trust with a transparent data collection process. 
      • - Improve data quality by gathering genuine interest from users. 
      • - Maintain a record of all consent activities to respond to audits when needed. 
      • - Stay compliant with data privacy laws and avoid non-compliance penalties. 
      • - Focus on core business without having to reallocate resources for compliance. 
      •  

1. Why do you Need a Consent Management Platform?

1. You are in the Data Monetisation Business

All businesses today use data to derive insights that can help them grow. Some companies acquire this data from other sources, while some generate their own (for example, mobile application publishers). Data monetisation is the process of identifying value and creating revenue from data. Data collectors can also monetise their data by exchanging or selling it or use it to boost advertisement efforts to resell/upsell to their own customers, and more.

With increasing awareness around data privacy and rights, data collectors have a great responsibility at their hands. Businesses now need to incorporate greater transparency into consumer data collection to use this data ethically. According to Gartner’s Top 10 Trends in Data and Analytics for 2020 - By 2022, 35% of large organisations will be either sellers or buyers of data via formal online data marketplaces, up from 25% in 2020. To monetise data assets through data marketplaces, data and analytics leaders should establish a fair and transparent methodology by defining strict data governance and compliance policies.

2. The Regulatory Landscape is Very Consent-Focused

Data privacy regulations have changed how businesses acquire and use user data. Unlike before, your app's continued usage or browsing your website is not considered a valid expression of consent. Data privacy laws such as the GDPR and the CCPA require that:

- Businesses gather explicit consent and maintain proof-of-consent records.
- Users are presented with the choice to allow, restrict, or deny the collection of their data.
- Users must be able to modify their consent parameters or opt-out of previous consent agreements.
- Businesses delete all data related to a user at the user's request.

Businesses should conduct periodic privacy assessments, upgrade consent procedures with changing guidelines, and document each step of the consent lifecycle to respond to audits when required. Failure to comply with consent conditions and audit deadlines can incur monetary penalties and legal consequences.

gdpr

General Data Protection Regulation

Introduced in 2018, the European Union's GDPR, demands that companies ask for consent upfront and failure to comply can cost up to €20 million or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. These fines apply to the infringement of the basic principles for processing personally identifiable information, including conditions for consent, under Articles 4, 6, 7, and 8, 9, and 13, etc.

CCPA-1

California Consumer Privacy Act

The CCPA requires businesses to specifically inform consumers about what data is being collected and for what reason. Companies must also give consumers explicit notice and an opportunity to opt-out before re-selling personal information. The CCPA also prohibits selling personal information of a consumer under 16 without consent. Under CCPA, businesses can face a penalty of $2,500 per violation, or up to $7,500 per violation if intentional.

Screenshot 2021-03-10 at 12.10.55 PM

Australia Privacy Act

Based on the APP The deliberate or accidental misuse of personal information; for example, the collection or disclosure of private information about an individual, without the individual's consent can lead to fines up to $2.1 million for serious or repeated breaches, to the greatest of $10 million or three times the value of any benefit obtained through the misuse of information or 10% of a company's annual domestic turnover.

Singapore’s Personal Data Protection Act

Singapore’s Personal Data Protection Act

The PDPA requires organisations to obtain the consent of the individual before collecting, using, or disclosing their personal data and the purpose for which the personal data is collected. Individuals must also be allowed to withdraw consent at any time. The violation of consent terms under PDPA can allow the Personal Data Privacy Commission to levy a penalty of up to S$1 million.

3. Doing it Yourself can be Challenging

Managing user consent for a large volume of users cannot be done manually and must be automated. Data businesses must have deep legal expertise and technical know-how to establish a consent management system. And both of these must integrate well with their digital platforms. Like with any technology solution, there are two options to implement a CMP: build or buy.

If you are a small-medium business or an independent app developer, you might not have the in-house expertise to build your own consent management platform. Even if you manage to develop one, the cost, effort, and time required to keep it up to date can be taxing. Moreover, the diversity in data privacy regulations requires legal expertise, and your obligations don't end once consent is obtained. You must keep up with changes in regulatory guidelines and new laws as they are introduced.

It is faster, easier, and cost-effective to use a plug-and-play solution. A configurable, third party CMP can be a self-sufficient tool that offers your users complete choice and control over their data while ensuring compliance and minimising your business liability.


BEST PRACTICES OF CONSENT MANAGEMENT

Given the high stakes compliance environment and the need for a user-centric approach, consent management should be at the core of your data operations. Here are some best practices to establish an effective consent management system:

1) Assess privacy regulations applicable to your country, region, or industry and the terms and conditions for user consent.

2) Build a transparent framework to let users permit or prevent the collection of their data and modify permissions with ease.

3) Maintain a record of when consent was obtained, altered, or withdrawn and ensure the security and integrity of these records.

4) Keep consent collection requests separate from generic terms and conditions and avoid technical and legal jargon.

5) Design a simple and uncluttered interface to avoid user frustration keeping smaller form factors and devices in mind.

6) Assess the costs, expertise, and effort required to build an in-house CMP and plan for periodic updates and upgrades.

7) Seek a plug-and-play solution to make up for the lack of in-house legal and technical expertise.


QUADRANT'S SOLUTIONS FOR APP PUBLISHERS

1. ETHICALLY MONETIZE YOUR APP WITH OUR LOCATION DATA MONETIZATION PROGRAM

Quadrant’s monetisation program is a great way to diversify your revenue streams. We gather mobile location data through app publishers, from opt-in, first party mobile devices via an S2S integration. An S2S integration can be established with minimal hassle for a long-term, sustainable revenue source for your app. This is a great way to generate a passive income while allowing your users to use the app without ads – though in-app ads still remain available as additional options. The best part, our monetisation program allows you to leverage a free consent management SDK that ensures compliance with data privacy laws and consented use of your users data.

1. Why should you choose Quadrant's location data monetization program?

Easy integration: Minimize the resources, effort and overhead associated with SDK integration and maintenance, with one time S2S integration.

Keeps you compliant with data privacy regulations and consent conditions: Stay compliant with the applicable data privacy laws and consent conditions around the use, collection, and disclosure, of user data within GDPR, CCPA and other major regulations from around the globe.

Integrates easy:  Share location data with us via an AWS S3 bucket via a Server-to-Server integration that uses your existing server side infrastructure saving you any additional investments..

Data we Collect: Google AD-ID / Apple IDFA, User-Agent (Device Type, OSs), Latitude, Longitude, Country Code, Timestamp, Horizontal Accuracy

2. PUT USER PRIVACY AT THE FOREFRONT OF YOUR MONETIZATION PROGRAMS 

Unrestrained use of personal information is no longer a viable way of monetising your digital platforms. Visitation, continued browsing, and accepting cookies are no longer a form of agreement for harvesting users' data. Businesses need to respect user privacy and do not have the luxury to ignore the importance of consent collection. Implementing a consent management platform fosters a user-centric data culture and helps establish compliance with privacy laws, avoiding unwelcome attention from regulators. This culture can give you an ethical and fair usage edge, earning you the trust of customers and resulting in business growth.

The Quadrant Consent Management Platform (QCMP) is a free, fully featured CMP tailored to mobile application publishers and developers. It covers the whole user consent lifecycle. You can choose to integrate our CMP depending on whether you are already using an in-house or third party CMP. QCMP is certified by the IAB's Transparency and Consent Framework and ensures fair collection and usage of consumer data. In QCMP, each consent interaction is recorded on an immutable blockchain, ensuring that you are always audit-ready. The best part: QCMP can be added with only a few lines of code into an Android or iOS application, saving time, costs, and effort.

Learn More about Quadrant's App Monetization Solutions

Ready to add an ethical, hassle-free revenue stream to your business? Check out our guide to S2S integration and a step by step guide to install the QCMP SDK into your apps. To get started with the integration, please provide your information below and our monetisation experts will be happy to answer any questions and get you started.

 

FAQs

1- How much money can I make with the location data monetization program?

Publishers are compensated based on average Daily Active Users (aDAUs) and the origin of the data signals. The minimum number of datapoints that can be supplied is 1000. For e.g. 1000 aDAUs in the US, Europe, and elsewhere, publishers get a minimum of 15 USD, 10 USD, and 3 USD respectively*.

*amounts are examples only, actual payments might vary based on time, region etc. on Quadrant's discretion.

2- How can I integrate QCMP with my mobile app?

It is very simple and only takes a few lines of code. Check out the CMP SDK integration guide to get started.

3- Who are the companies Quadrant sells data to?

Quadrant has many customers across the globe. Our customer industries range from market research and intelligence firms, academic research and social studies, marketing and ad-tech companies, urban planning and public services agencies etc. We often feature them and the work they do with our location data in our customer success stories and use cases. You can read them here.

4- Can app users be tracked using the location data?

No. Companies use millions of data points for their analysis and studies to make assumptions about the behaviour of people as a group. For example, how many people visited Disney World in the summer of 2019 vs how many visited during 2020, to create better safe distancing measures, understand public movement to build facilities (such as toilets, shelters etc.). Most often, this data is used historically and not in real-time. There's no context about demographics added to the information we collect, so it is impossible to track an individual user and their activities.

5- Can QCMP provide an audit trail?

Yes! With QCMP, you can leverage an immutable blockchain ledger of your consent lifecycle that is readily available for compliance audits.