How Prebid is preparing for the GDPR ?
I think, being a wrapper over SSP execution, Prebid should be able to tread use consent and pass on consent information to partners.
If an SSP, say appnexus, has got user's consent, then how Appnexus would know if its DSP partner, say mediaMath , has got user's consent while calling MediaMath from server side.
Is Prebid supporting any GDPR solution ?
Hi @PubMatic-OpenWrap
Yes, we will be offering a GDPR module soon. Thanks.
Thanks @mkendall07 for update, can you provide link to design draft/documents ?
We will like to understand how it will work.
Both useful and interesting. I'd be keen to know more about the plans for this
The general idea is basically this:
1) The publisher will load the consent framework of their choice.
2) The publisher will indicate whether a particular page view/request is needing of consent (ie, EU user, EU pub etc).
3) The signal passed to prebid.js will interrupt the auction start and ask for consent data from the publisher specified consent framework.
4) Prebid.js will pass through the gathered consent data to each bidder in their request object.
5) Each SSP will handle the consent data as they need to.
Here's an example of what the module API might look like:
consentManagement: {
cmp: 'iab', // these will map to specific functions in the module for invoking getting consent
lookUpConsentTimeout: 600, // the max time to wait for consent to be fed to Prebid.js
lookUpFailureResolution: 'proceed|cancel' // in case of timeout - continue or abort
}
The above would be set in the setConfig API. the presence of the consentManagment object would indicate that consent is required.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Open for feedback: https://github.com/prebid/Prebid.js/pull/2213
Great work Matt. Question for you, is this: http://acdn.adnxs.com/cmp/docs/#/ in Github? This feels like it should be Prebid project?
@mkendall07 Great work. As I can see we decided to not include it in 1.6 release.
Could you provide any estimate when this module might be merged and released?
@cwbeck AppNexus' CMP is available in GitHub at https://github.com/appnexus/cmp
@mike-chowla thanks :)
@mkendall07 - is there a maintained vendors list for SSPs? Regardless of which publisher, Rubicon, AppNexus etc. will require the same authorizations against the permission list?
@cwbeck
what do you mean? Like a list of SSPs that support GDPR?
Is the vendor list going to be a globally maintained vendor list (IAB) or is there a plan to create an open-source version? I've read a few conflicting ideas around this and it looks like the AppNexus version has correctly implemented the spec for IAB. So the question is AppNexus / Prebid going to create a global vendor list or should we look to use the IAB's?
we won't maintain a separate list. We'll use the IAB list.
@mkendall07 ok great 馃憤
Since it is possible that the auction is happening even if we're in the EU and no consent string was explicitly found, who is liable for the "non-compliance"?
Should we also be checking server-side if the traffic is EU?
@jchau87 Questions about liability for under the GDPR should be directed to your legal counsel.
The primary use case for continuing the auction in the absence of consent or other basis to use user data is show advertising that is not targeted using user behavior (contextual advertising).
suggestions set config option if choosing to proceed without content set:true to fire tags in safeframe sandbox without attribute allow-same-origin
this will prevent access to localstorage and prevent any cookies from being written/read on the end user.
Wouldn't that be best case? Im sure exchanges will start adapting to "cookieless ads" for users who dont offer consent, so fireing those ads in sandbox will keep you under compliance regardless of 3rd party actions from exchanges, ssp's
this has been merged.
@mkendall07 awesome and timed perfectly!
Most helpful comment
The general idea is basically this:
1) The publisher will load the consent framework of their choice.
2) The publisher will indicate whether a particular page view/request is needing of consent (ie, EU user, EU pub etc).
3) The signal passed to prebid.js will interrupt the auction start and ask for consent data from the publisher specified consent framework.
4) Prebid.js will pass through the gathered consent data to each bidder in their request object.
5) Each SSP will handle the consent data as they need to.
Here's an example of what the module API might look like:
The above would be set in the
setConfigAPI. the presence of theconsentManagmentobject would indicate that consent is required.