Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Propose a GPC extension to OpenRTB #99

Closed
wants to merge 5 commits into from
Closed

Propose a GPC extension to OpenRTB #99

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
2180fc5
Propose a GPC extension to OpenRTB
AramZS Apr 8, 2022
ba0bda0
Add to community extension base README with GPC issue
AramZS Apr 8, 2022
6af060e
Switching to use regs.ext
AramZS Apr 12, 2022
001f22b
Show GPC uses the regs object in describing table.
AramZS Apr 26, 2022
1a05989
details fix
AramZS Apr 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions extensions/community_extensions/GPC.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
### Global Privacy Control

Issue: [#98](https://github.com/InteractiveAdvertisingBureau/openrtb/issues/98)

The goal is to support passing the Global Privacy Control signal to downstream participants in order to allow them to make decisions on how to interpret the privacy state of a user in regard to applicable regulations.

Downstream consumers of this signal should use it as the primary signal where they believe it applies, since not all publishers may use the signal to change their interpretation of other privacy signals or may interpret it the same way as a downstream consumer. So, where the downstream consumer of OpenRTB signals sees both a USPAPI signal and a GPC signal on a request and considers the GPC signal to mean an opt-out in California, and where the USPAPI signal does not indicate such an opt-out, then the downstream consumer should consider the user opted-out.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this may be true, I'm not sure it's the appropriate place to state it

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@patmmccann Is there a better place to open up such a discussion?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure, but this looks like legal advice to me

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 I expect we have to strike this paragraph. I recommend following the pattern for our solutions to other regulations, e.g., https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/US%20Privacy%20String.md.

Copy link
Contributor

@dmdabbs dmdabbs Apr 14, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...should use it as the primary signal...

Is this dictate appropriate? What does "primary signal" mean? @wittjill's earlier suggestion we scope our purpose to facilitation was spot on

Can we change the two intro paragraphs so that it is more in line with how other privacy specs are written, something like:

This community extension supports passing the Global Privacy Control signal to downstream participants in order to allow them to make decisions on how to interpret the privacy state of a user in regard to applicable regulations.

For more information about the Global Privacy Control specification visit: ​​https://globalprivacycontrol.org/

I'd propose this further minimalisation:

This community extension supports passing the Global Privacy Control signal that downstream recipients may use to determine how to process the request.

For more information about the Global Privacy Control specification visit: ​​https://globalprivacycontrol.org/

If the detailed guidance is retained, "...USPAPI signal and a GPC..." is dated since USPAPI is deprecated in favor of GPP, yes?


When the creator of the OpenRTB object sees a GPC signal they must set this extension with that signal.

Request Changes

<table>
<tr>
<th>Content Object</th>
<th>Type</th>
<th>Example values</th>
<th>Description</th>
</tr>
<tr>
<td>regs.ext.gpc</td>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is needed at all (and I expect it is), I recommend we put it directly in the mainline specification next to the fields for GDPR, GPP, etc.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ignore my previous comment. I raised with the Working Group, the consensus is to stick with the extension for now.

<td>integer</td>
Copy link

@simontrasler simontrasler Apr 18, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make string, and propagate the contents of the HTTP header as-is. Then there is no interpretation of the (originally, string) value as it passes down the chain.

<td>1</td>
<td>This value should exactly replicate the value in the Global Privacy Control signal setting that will be available at both the header and window level. Where GPC is set to 1 this should be set to 1 and where it is not present this property should not be present.</td>
</tr>
</table>

Example Request

```
{
"regs":{
AramZS marked this conversation as resolved.
Show resolved Hide resolved
"ext":{
"gpc": 1
}
}
}
```
18 changes: 13 additions & 5 deletions extensions/community_extensions/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,36 +17,44 @@ See [digitrust.md](digitrust.md) for details.

#### Notes

See [ca-568.md](ca-568.md) for deatils.
See [ca-568.md](ca-568.md) for details.

### URLs for Brand Safety

#### Issue: [#39](https://github.com/InteractiveAdvertisingBureau/openrtb/issues/39)

#### Notes

See [urls-brand-safety.md](urls-brand-safety.md) for deatils.
See [urls-brand-safety.md](urls-brand-safety.md) for details.

### SKAdNetwork Support

#### Issue: [#43](https://github.com/InteractiveAdvertisingBureau/openrtb/issues/43)

#### Notes

See [skadnetwork.md](skadnetwork.md) for deatils.
See [skadnetwork.md](skadnetwork.md) for details.

### SCID.id

#### Issue: [#50](https://github.com/InteractiveAdvertisingBureau/openrtb/issues/50)

#### Notes

See [SCID.md](SCID.md) for deatils.
See [SCID.md](SCID.md) for details.

### Extended Content IDs

#### Issue: [#82](https://github.com/InteractiveAdvertisingBureau/openrtb/issues/82)

#### Notes

See [extended-content-ids.md](extended-content-ids.md) for deatils.
See [extended-content-ids.md](extended-content-ids.md) for details.

AramZS marked this conversation as resolved.
Show resolved Hide resolved
### Global Privacy Control (GPC)

#### Issue: [#98](https://github.com/InteractiveAdvertisingBureau/openrtb/issues/98)

#### Notes

See [the Global Privacy Control website](https://globalprivacycontrol.org/) for details on the specification and its current market support.