You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In general, the TCF-CA configuration aligns with the existing "GDPR" (TCF-EU) configuration, allowing account-level configuration of important details. The differences from GDPR:
normalizing the attributes to camelCase
only purposes relevant to Prebid can be specified: 1,2,4, and 7.
For example:
{
"privacy": {
"modules": [{
"code": "iab.tcfca",
"enabled": true, // defaults to true
"config": {
"purposesAllowingImpliedConsent": [1,2,7],
"purposes": {
"pN": { // where N can only take the values 1,2,4, and 7
"enforcePurpose": true/false, // defaults to true
"enforceVendors": true/false, // defaults to true
"vendorExceptions": [ "bidderA", "9999" ]
}
},
"specialFeatures": {
"f1": {
"enforce": true/false // defaults to true
}
}
}]
}
}
Where:
enabled is a flag that allows the publisher to completely turn off this module, causing it to effectively "abstain" from any Activity which consults it. The value must be boolean. The default value is true.
purposesAllowingImpliedConsent maps to purposeAllowsImpliedConsent[P] in the legal basis algorithm. The value must be an array of integers. The default value is [1,2,7].
enforcePurpose maps to enforcePurpose[P] in the legal basis algorithm. The value must be boolean. The default value is true.
enforceVendors maps to enforceVendor[P,V] in the legal basis algorithm. The value must be boolean. The default value is true.
vendorExceptions maps to softVendorExceptions[P] in the legal basis algorithm. The value must be an array of strings. The values may be a bidder code, a hardcoded bidder alias, a dynamic bidder alias, or a bidder GVLID. The default value is empty.
enforce maps to featureEnforced[F] in the legal basis algorithm. The value must be boolean. The default value is true.
If there's a minor validation error with one of these values (e.g. bad datatype), fall back to the default. A failure should cause the system should generate an alert.general metric with N% logging and emit a warning in the ORTB response.
Ignore unknown fields in the JSON.
If there's a major validation error with the account-level JSON, fall back to the host-level default. We don't want to skip broken sections because that could wind up creating a legal problem. A failure should cause the system should generate an alert.general metric with N% logging and emit a warning in the ORTB response.
iab.tcfca Processing
When called by the Activity Control infrastructure, module processing follows this high level outline:
If not enabled, return "abstain".
If regs.gpp_sid does not contain 5, return "abstain".
Determine which purposes or special feature require legal basis for this Activity based on the table in the document. e.g. accessDevice requires basis for Purpose 1.
For each Purpose/Feature for which legal basis is required, use the Legal Basis algorithm in the doc to determine whether basis is obtained for each activity/vendor.
Note: the vendorExceptions array of strings can match any of the following: a bidder code, a hardcoded bidder alias, a dynamic bidder alias, or a bidder GVLID.
If all required Purposes/Features have obtained legal basis, return "allow"
Otherwise, return "disallow".
The text was updated successfully, but these errors were encountered:
The next GPP Module will be TCF-Canada.
The general requirements, legal basis determination, and mapping to Activity Controls is drafted at https://docs.google.com/document/d/1SFTHpgQHhgVjKnyyw87EbR3YpSIxaI6r2sJDcuAoOFM/edit . Note that this is still under review, and IAB Canada may make updates to reflect TCF 2.2.
This issue proposes a Prebid Server-specific configuration, highlighting differences from the processing of TCF-EU.
Differences between TCF-CA and TCF-EU
The differences noted in the doc are: GVL file location, field renaming, and one dropped feature: PurposeOneTreatment.
In addition to these differences, other changes proposed in the doc as compared to existing TCF processing:
Linking to TCF-CA from Activity Config
There are no changes from how we defined the top-level Activity configuration in #2686 . This is just another privacy module named "iab.tcfca".
Proposed TCF-CA Privacy Module Config
The name of the module is
iab.tcfca
.In general, the TCF-CA configuration aligns with the existing "GDPR" (TCF-EU) configuration, allowing account-level configuration of important details. The differences from GDPR:
For example:
Where:
purposeAllowsImpliedConsent[P]
in the legal basis algorithm. The value must be an array of integers. The default value is [1,2,7].enforcePurpose[P]
in the legal basis algorithm. The value must be boolean. The default value is true.enforceVendor[P,V]
in the legal basis algorithm. The value must be boolean. The default value is true.softVendorExceptions[P]
in the legal basis algorithm. The value must be an array of strings. The values may be a bidder code, a hardcoded bidder alias, a dynamic bidder alias, or a bidder GVLID. The default value is empty.featureEnforced[F]
in the legal basis algorithm. The value must be boolean. The default value is true.If there's a minor validation error with one of these values (e.g. bad datatype), fall back to the default. A failure should cause the system should generate an alert.general metric with N% logging and emit a warning in the ORTB response.
Ignore unknown fields in the JSON.
If there's a major validation error with the account-level JSON, fall back to the host-level default. We don't want to skip broken sections because that could wind up creating a legal problem. A failure should cause the system should generate an alert.general metric with N% logging and emit a warning in the ORTB response.
iab.tcfca Processing
When called by the Activity Control infrastructure, module processing follows this high level outline:
The text was updated successfully, but these errors were encountered: