-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AzerionEdge RTD Module: Compatibility with GDPR/USP Privacy Modules #11775
Conversation
### Type of change [x] Feature: New RTD Submodule ### Description of change Adds new Azerion Edge RTD module. Maintainer: azerion.com Contact: @garciapuig @mserrate @gguridi
Type of change: Documentation/Feature Description of change: Specifying new required parameters on documentation. Updating examples.
- Added GDPR validation. - We validate against ImproveDigital vendor ID consent and several purposes. - We don't load edge script, nor process the existing data, if consent wasn't given. - Adding support for USP consent.
modules/azerionedgeRtdProvider.js
Outdated
function getVendorsConsented(userConsent) { | ||
const consents = userConsent?.gdpr?.vendorData?.vendor?.consents || {}; | ||
return Object.entries(consents).reduce((acc, [vendorId, consented]) => { | ||
return consented ? [...acc, vendorId] : acc; | ||
}, []); | ||
} | ||
|
||
/** | ||
* List the purposes consented coming from userConsent object. | ||
* | ||
* @param {Object} userConsent | ||
* | ||
* @return {Array} | ||
*/ | ||
export function getPurposesConsented(userConsent) { | ||
const consents = userConsent?.gdpr?.vendorData?.purpose?.consents || {}; | ||
return Object.entries(consents).reduce((acc, [purposeId, consented]) => { | ||
return consented ? [...acc, purposeId] : acc; | ||
}, []); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this something the tcfConsentManagement
module should handle?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure we understood the functionality of the consentManagement
module correctly. Please let me know if anything that I'm saying is incorrect.
The consentManagment module is used to fetch, decode and pass the user consent to bid adapter, RTD modules, etc. The publisher uses this module to configure the integration with its CMP. It also allows adding some rules to automatically enforce GDPR based on their GVL_ID through the gdprEnforcement module. Like the one shown here as Sirdata's example:
pbjs.setConfig({
consentManagement: {
usp: {
cmpApi: 'iab',
timeout: 100 // US Privacy timeout 100ms
},
gdpr: {
cmpApi: 'iab',
timeout: 8000,
defaultGdprScope: true,
rules: [{
purpose: "storage",
enforcePurpose: true,
enforceVendor: true,
vendorExceptions: ["appnexus"] //Can work without consent for cookies
},{
purpose: "basicAds",
enforcePurpose: true,
enforceVendor: true,
vendorExceptions: ["appnexus"]
}]
},
}
});
But if we want to automatically check the consent given for our module from inside our RTD module, without the publisher having to configure that, we can't use the consentManagement
module. We've seen other modules doing the checks manually like in our case. For instance sirdata.
We are not sure if there's a better way of doing this through any helpers, or exported functions from consentManagement/gdprEnforcement modules. The closest we could find was the method hasPurpose1Consent but it only checks for one purpose and we need to check five.
Any insight or suggestion about how to better approach this would be greatly appreciated.
Generally we prefer to let the publisher specify how they want their consent to be handled - which for you would mean not worrying about it at all (at least client side). Access to storage, ortb2, etc is gated depending on consent + configuration - as long as you go through the gates (which you appear to do, although I don't know what's going on in the external script). With what you have here you still need some configuration from the publisher - they need to set up the consentManagement modules at least, otherwise you would interpret it as not applicable / consented. So IMO it's reasonable to expect that they also have reviewed / decided / configured how they want to restrict what modules do depending on it. If you prefer to also do your own parallel check, you're signing up for a lot of work. USP is in theory being phased out and replaced by GPP, which is already supported in Prebid, but not considered by this PR. Canada is planning to adopt a version of TCF that's just different enough to be annoying. Other jurisdictions are planning other systems. |
@dgirardi in theory perhaps we should add a loadExternalScript activity? This way, Azerion wouldn't need to worry about their script getting attached if various consent strings suppressed the activity. I agree the consent checks they are doing for attaching data should be covered already by https://docs.prebid.org/dev-docs/activity-controls.html#:~:text=None-,enrichUfpd,-A%20Real%2DTime |
@patmmccann I'm not saying we shouldn't add a script activity, but it'd just be an additional gate that still requires the publisher to set it up / configure consent modules to restrict it. If the goal is to always check for consent regardless of publisher preference it wouldn't help. |
@dgirardi thanks for your clarification. Would that mean that as we already use getStorageManager and getBidRequestData, those actions will not be happening if the consent management enforcement is already configured on the publisher (equivalent to checking to purposes 1, 2 for example)? We need to validate also other purposes i.e. '5', '7', '9'.... should we keep manually checking for those? On the other hand, I'm right to assume we will need to add the |
GDPR purposes are only indirectly linked to those. Storage manager and adding user segments (through the argument passed to So if your goal is specifically to check for a particular GDPR purpose, it doesn't help you. I don't know the specifics of your situation but that's something that I think is best done server side. The GVL id should be added as a parameter in your submodule definition ( |
Adding GVL ID to the module configuration Passing the consent to the script execution instead of handling it in prebid (#16) --------- Co-authored-by: Gorka Guridi <[email protected]>
…rebid#11775) * Azerion Edge RTD Module: Initial release ### Type of change [x] Feature: New RTD Submodule ### Description of change Adds new Azerion Edge RTD module. Maintainer: azerion.com Contact: @garciapuig @mserrate @gguridi * Azerion Edge RTD Module: Initial release. Typo * AzerionEdge RTD Module: Documentation: Required parameters Type of change: Documentation/Feature Description of change: Specifying new required parameters on documentation. Updating examples. * AzerionEdge RTD Module: Compatible with GDPR/USP Privacy Modules (prebid#14) - Added GDPR validation. - We validate against ImproveDigital vendor ID consent and several purposes. - We don't load edge script, nor process the existing data, if consent wasn't given. - Adding support for USP consent. * AzerionEdgeRTDModule: Passing the consent to the script execution (prebid#17) Adding GVL ID to the module configuration Passing the consent to the script execution instead of handling it in prebid (prebid#16) --------- Co-authored-by: Gorka Guridi <[email protected]> --------- Co-authored-by: Gorka Guridi <[email protected]>
…rebid#11775) * Azerion Edge RTD Module: Initial release ### Type of change [x] Feature: New RTD Submodule ### Description of change Adds new Azerion Edge RTD module. Maintainer: azerion.com Contact: @garciapuig @mserrate @gguridi * Azerion Edge RTD Module: Initial release. Typo * AzerionEdge RTD Module: Documentation: Required parameters Type of change: Documentation/Feature Description of change: Specifying new required parameters on documentation. Updating examples. * AzerionEdge RTD Module: Compatible with GDPR/USP Privacy Modules (#14) - Added GDPR validation. - We validate against ImproveDigital vendor ID consent and several purposes. - We don't load edge script, nor process the existing data, if consent wasn't given. - Adding support for USP consent. * AzerionEdgeRTDModule: Passing the consent to the script execution (#17) Adding GVL ID to the module configuration Passing the consent to the script execution instead of handling it in prebid (#16) --------- Co-authored-by: Gorka Guridi <[email protected]> --------- Co-authored-by: Gorka Guridi <[email protected]>
Type of change
Bugfix
Feature
New bidder adapter
Updated bidder adapter
Code style update (formatting, local variables)
Refactoring (no functional changes, no api changes)
Build related changes
CI related changes
Does this change affect user-facing APIs or examples documented on http://prebid.org?
Other
Description of change
AzerionEdge RTD Module: Added Compatibility with GDPR/USP Privacy Modules
Other information
prebid/prebid.github.io#5414