-
Notifications
You must be signed in to change notification settings - Fork 735
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GPP Phase 4 #2686
Comments
Discussed in committee. The naming convention of the
So what are some ways we can handle tcf-eu with respect to this new functionality?
Discussed additional requirements:
|
Discussed GDPR positioning:
Other items discussed
|
Updated after today's meeting:
|
PBS-Java 1.126 implements the iab.usgeneral module. Working on the iab.uscustomlogic module still |
If activityConfig is not specified, the iab.uscustomlogic should return |
Done with PBS-Java 1.130 |
The next steps in GPP are covered by Phase 4 in the requirements document:
Privacy Infrastructure
Prebid Server-Specific Requirements
Any privacy regulation that needs to integrate with the Activity Infrastructure will need to confirm to a new interface. The details of the interface will be left to the Go and Java development teams, but the requirements are:
gpp-tcf-eu
was already called, the reference to*
means all regulations other than gpp-tcf-eu.disallow
takes precedence and 'abstain' is ignored as an answer.Non-Requirements
Linking the Activity and Privacy Infrastructures
See the use cases for how publishers might want to set up the existence of multiple in-scope regulations.
In addition to those use cases, the Prebid Server committee would like to be able to support future non-GPP privacy regulations.
This is the proposed
allowactivities
syntax extension for referring to privacy regulations from within the Activity controls:Notes:
privacyreg
attribute in the activity infrastructure is an interface to a generic layer that can deal with various privacy regulations as they are added to the system.Configuring Privacy Modules
See General GPP Infrastructure requirements for background.
Prebid Server needs to allow accounts to configure privacy regulations. Here's the proposed syntax, which places the config in a new "privacy.modules" block. The proposal is that we define a new type of module interface for privacy modules. All the ones active for the given account would be registered here.
Assumptions:
Example config:
Notes:
Intended Processing:
gpp_sid
parameter and module configuration to determine whether it's in scope for the current request. A future TCF modules may use thegdpr
scope flag and/or geographic information to determine whether it's in-scope.US National Privacy
See US National Infrastructure requirements for background.
Assumptions:
Here's the proposed syntax:
The 'iab.usgeneral' module config field:
The 'iab.uscustomlogic' module is an envisioned (later phase) module that can be used by publishers to override the default interpretation algorithm.
true
, the activity is suppressed (i.e. a "disallow" status is returned). The specific syntax of this has been debated and not finalized. The proposal is to settle on utilizing JSON Logic for Prebid Server for this and future general configuration logic needs.Intended processing:
allowactivities
config, the activity infrastructure calls the relevant privacy module(s) with the supplied module configuration. If a privacy module name is defined more than once in the config, only the first is processed. Others result in emitting a warning and an alert.general metric.The text was updated successfully, but these errors were encountered: