Consent Management: auction not cancelled for vendor not in tcf string #10359

Closed
patmmccann opened this issue Aug 14, 2023 · 4 comments · Fixed by #10367

@patmmccann
Collaborator

patmmccann commented Aug 14, 2023

Type of issue

Bug, submitted on behalf of another user

Description

Enforcement not excluding vendor with no consent in tc string

Steps to reproduce

  1. Go to https://www.dagenshultsfred.se/?pbjs_debug=true
  2. Visit the page from the EU (module not configured worldwide), click on accept all
  3. Click on the button in the lower left corner to change my settings
  4. In the CMP go to one of the tcf purposes and disable AdForm
  5. Save the consent and reload the page

Example TC String that I get:

CPwcAjAPwcAjAAfOUBDEDSCgAPLAAHLAAAigJMpB9G5USSBDAGpjYosEYAEW5lBoQyAgAgAAAoAACDKAIAQAEEAgIAAAICgAAAAAIEIAAAEIAAAAAAAAIIABAACIAACAIAAAAAAAAAAAQEAAAAAIAAAAAAAAAAAEAAAAgAAAABAIAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIJMpB9G5USSBDAGpjYosEYAEW5lBoQyAgAgAAAoAACDKAIAQAEEAgIAAAICgAAAAAIEIAAAEIAAAAAAAAIIABAACIAACAIAAAAAAAAAAAQEAAAAAIAAAAAAAAAAAEAAAAgAAAABAIAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA4KAGAAuARABEgJkCQAwAFwCIAIkBMgaAGAAuARABEgJkEQAwAFwCIAIkBMg6AGAAuARABEgJkJQAwAFwCIAIkBMhSAGAAuARABEgJkA

https://iabtcf.com/#/decode shows adform, vendor 50, is not on the list of consented vendors.

Test page

Expected results

Expected outcome:

I’d thought I should not see any calls to adform (https://adx.adform.net/adx/openrtb) anymore.

What I can see, is that the publisher has allowAuctionWithoutConsent on. My understanding is that this enables one to run the auction before the tc string is ready (but should stop the auction if the tc string is ready and the vendor does not have consent/no LI).

Actual results

Adform bidder endpoint is called

Platform details

js 8.5, consentmanagement and gdpr installed

Other information

Possible dupe of #6267 (comment); enforcement doesn't appear to be explicitly configured, but user expects their configuration would cause this enforcement.

@dgirardi
Collaborator

dgirardi commented Aug 14, 2023

The CMP reports "legitimate interest" for purpose 2, so the user choice is ignored.

Also, allowAuctionWithoutConsent hasn't been a setting for a while - I think since 6.x.

@janwinkler

It seems expectation and reality do not match:

Expectation: Prebid only fires bidders if purpose has consent/LI AND the vendor has consent/LI

Reality: Prebid only fires bidders if the purpose has consent/LI

At least from an IAB TCF perspective that can be an issue (TCF policy says something like vendors shall only call other vendors if they know that this vendor has a legal basis)

@dgirardi
Collaborator

dgirardi commented Aug 16, 2023

Small correction @janwinkler -

> Reality: Prebid only fires bidders if the purpose has consent/LI

Prebid only runs bidders if we have

  1. purpose and vendor consent; or
  2. purpose LI.

The expectation, I believe, is that the second clause should check for purpose and vendor LI.

@janwinkler

@dgirardi yes that's even more confusing ;-)
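
The two rules discussed in the comments above, side by side, as an added example that is not part of the original thread and not Prebid.js code. Function names and vendor IDs 9001/9002 are hypothetical; the sample assumes vendor 50 has no vendor-level legitimate interest, which the thread does not state.

```javascript
// Added illustration, not Prebid.js source; all function names are hypothetical.
// tcData follows the TCData object shape of the TCF v2 CMP API.

// Rule as described in the thread:
// (purpose consent AND vendor consent) OR purpose LI.
function allowedAsDescribed(tcData, purposeId, vendorId) {
  const { purpose, vendor } = tcData;
  const byConsent = !!purpose.consents[purposeId] && !!vendor.consents[vendorId];
  const byLI = !!purpose.legitimateInterests[purposeId];
  return byConsent || byLI;
}

// Rule the reporters expected: the LI branch also requires vendor LI.
function allowedAsExpected(tcData, purposeId, vendorId) {
  const { purpose, vendor } = tcData;
  const byConsent = !!purpose.consents[purposeId] && !!vendor.consents[vendorId];
  const byLI = !!purpose.legitimateInterests[purposeId] &&
    !!vendor.legitimateInterests[vendorId];
  return byConsent || byLI;
}

// Audit helper: vendors the described rule lets through
// but the expected rule would block.
function vendorsAffected(tcData, purposeId, vendorIds) {
  return vendorIds.filter((id) =>
    allowedAsDescribed(tcData, purposeId, id) &&
    !allowedAsExpected(tcData, purposeId, id));
}

// Constructed sample: purpose 2 has consent and LI; vendor 50 (Adform) has
// neither vendor consent nor (assumed) vendor LI. 9001 and 9002 are made-up IDs.
const sampleTcData = {
  purpose: { consents: { 2: true }, legitimateInterests: { 2: true } },
  vendor: {
    consents: { 50: false, 9001: true },
    legitimateInterests: { 9002: true },
  },
};

console.log(vendorsAffected(sampleTcData, 2, [50, 9001, 9002])); // [ 50 ]
```
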
