Amphtml: AMP Consent to support "gdprApplies" param
TCF requires replacing the "gdprApplies" param.
AMP doesn't support that variable. The closest is the consentRequired field.
consentRequired doesn't work well because its value can be true when another regulations applies. Since AMP decided to support IAB TCF, I propose we introduce a new field to the CMP endpoint response "gdprApplies". The value will be stored along with the consent string and passed to ad vendors.
{
"consentRequired": {boolean}
"consentStateValue": {?enum} [default: null]
"consentString": {?string} [default: null]
"expireCache": {boolean} [default: false]
"gdprApplies": {boolean} [default to consentRequired value]
}
Note: AMP will use the "consentRequired" value if the "gdprApplies" is not defined.
Important Notice:
AMP reduces the delay by always respecting the localStored value, and only updates it for the next user visit. That will apply to the "gdprApplies" value as well.
zhouyx
All 14 comments
cc @yoannOgury @PierigOgury @andresilveirah @jawadst @tla-sirdata for feedback. Thanks!
zhouyx
on 11 Mar 2020
Works for me. I think we should also consider a ccpaApplies field. Thanks
tla-sirdata
on 11 Mar 2020
@tla-sirdata Does the US Privacy String's third field not accomplish ccpaApplies?
micajuine-ho
on 19 Mar 2020
@micajuine-ho
This field only reflects the user choice to opt-out when the CCPA banner is surfaced to him.
The US Privacy String may have been updated when user has accessed the website while being in California but if he travels in Europe, CCPA no longer applies to him (uncommon case I admit).
Also if consentString is empty and gdprAppliesis false, there's no way to know that CCPA applies. The main idea is to transmit to AMP an information whether another regulation applies so the appropriate banner can be displayed.
tla-sirdata
on 20 Mar 2020
One thing I want to clarify is that AMP wants to add support to gdprApplies because it is required param by the TCF v2 and will be used by many ad vendors. That's the difference between gdprApplies and ccpaApplies. If ccpaApplies will be adopted by all vendors then we are more than happy to add support in the future.
Right now, you should be still be able to pass ccpaApplies and other custom param value to an ad vendor using the sharedData object.
zhouyx
on 20 Mar 2020
Hi, I'm not sure if this feature is live but I just want to let you know that we updated our checkConsentHref endpoint to include gdprApplies.
tla-sirdata
on 6 May 2020
Hi @tla-sirdata, thanks for the update.
The AMP team plans to change the checkConsentHref API in the near future which will directly change the gdprApplies field.
Would you be willing to hold off your change until this or be willing to change your API when the checkConsentHref API changes?
micajuine-ho
on 6 May 2020
If that's OK for you, I prefer to let the new field on. The consentRequired field is still unchanged.
I'll be able to update quickly when the API changes.
Thanks
tla-sirdata
on 6 May 2020
Yes, that sounds good to me. Will update you when the changes occur.
micajuine-ho
on 6 May 2020
@tla-sirdata Update: Change to gdprApplies PR is out now https://github.com/ampproject/amphtml/pull/28852
micajuine-ho
on 15 Jun 2020
@micajuine-ho Thank you, I'll update and send you an integration example.
tla-sirdata
on 15 Jun 2020
@micajuine-ho I've updated the checkConsentHref response and the promptUiSrc workflow to include consentMetadata (gdprApplies + consentStringType).
Please find an example here.
tla-sirdata
on 17 Jun 2020
Hi @tla-sirdata, the metadata looks good from checkConsentHref!
What changes did you make to your promptUiSrc workflow?
micajuine-ho
on 18 Jun 2020
@micajuine-ho I included consentMetadata in the consent-response message when the user saves his choices.
tla-sirdata
on 18 Jun 2020
Related issues
ericlindley-g
路
60Comments
zhouyx
路
60Comments
retornam
路
52Comments
ericlindley-g
路
117Comments
sebastianbenz
路
43Comments
Most helpful comment
One thing I want to clarify is that AMP wants to add support to
gdprAppliesbecause it is required param by the TCF v2 and will be used by many ad vendors. That's the difference betweengdprAppliesandccpaApplies. IfccpaApplieswill be adopted by all vendors then we are more than happy to add support in the future.Right now, you should be still be able to pass
ccpaAppliesand other custom param value to an ad vendor using thesharedDataobject.