gdpr consentManagement module docs #645
Conversation
| --- | ||
| layout: page | ||
| title: Module - GDPR ConsentManagement | ||
| description: User ID persisted in first party domain |
There was a problem hiding this comment.
Not sure this is accurate. Maybe change to something like "Add on module to consume and distribute consent information to bidder adapters"
There was a problem hiding this comment.
this was a hold-over from a page I copied from to start things off that I missed. Will update it.
| @@ -0,0 +1,178 @@ | |||
| --- | |||
| layout: page | |||
| title: Module - GDPR ConsentManagement | |||
There was a problem hiding this comment.
@mjacobsonny
What do you want to call the module? GDPR Consent Management or just "Consent Management"
| if (bidderRequest && bidderRequest.gdprConsent) { | ||
| adapterRequest.gdpr_consent = { | ||
| consent_string: bidderRequest.gdprConsent.consentString, | ||
| consent_required: (typeof bidderRequest.gdprConsent.consentRequired === 'boolean') ? bidderRequest.gdprConsent.consentRequired : true |
There was a problem hiding this comment.
can you add a comment on this line describing the logic.
There was a problem hiding this comment.
added a comment in the code
|
|
||
| The actual implementation details of this CMP are not covered by this page; any questions on that implemenation should be referred to the CMP in question. However, we would recommend to have the CMP's code located before the prebid code in the head of the page, in order to ensure their framework is implemented before the prebid code starts to execute. | ||
|
|
||
| The module currently supports the following CMPs: |
There was a problem hiding this comment.
I think we discussed that this should be worded to include any CMP that conforms to the IAB standard at https://info.quantcast.com/rs/516-DGM-318/images/Framework%20CMP%20JS%20API%20Specification.pdf
There was a problem hiding this comment.
I will make this update; would that be the ideal link to reference? I was looking around and thinking this may be better to use for a long-term reference:
https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework
| {: .table .table-bordered .table-striped } | ||
| | Param | Type | Description | Example | | ||
| | --- | --- | --- | --- | | ||
| | cmp | `string` | The ID for the CMP in use on the page. Default is `'appnexus'` | `'appnexus'` | |
There was a problem hiding this comment.
Related to the previous comment, believe this would be more like cmpApi, with the value being 'iab'.
There was a problem hiding this comment.
I'll make this change (note - there will be subsequent updates in the main PR as a result).
| | timeout | `integer` | Length of time (in milliseconds) to allow the CMP to perform its tasks before aborting the process. Default is `10000` | `10000` | | ||
| | allowAuctionWithoutConsent | `boolean` | A setting to determine what will happen when obtaining consent information from the CMP fails; either allow the auction to proceed (**true**) or cancel the auction (**false**). Default is `true` | `true` or `false` | | ||
|
|
||
| * Note - There are some technologies to determine if a given request is in scope of GDPR or not. While this technology is not part of the consentManagement module (nor prebid), some adapters may have this technology available. If they do, they have the opportunity to set their own default value for the `consentRequired` field. If you are using a GDPR supported adapter that has this capability, simply do **not** include this field in your config to let the corresponding adapter(s) set their value. |
There was a problem hiding this comment.
It's not the adapter that has the ability to determine GDPR scope... probably the SSP/exchange/bidder. Would suggest wording more like this:
Note - Some SSPs can determine whether a given request is in GDPR scope or not. If the page specifies consentRequired, it will override any dynamic determination and force the bidders to use this override value -- i.e. tell the SSP whether the consent string must be enforced for this user. Each bidder adapter supporting GDPR will default to the proper setting for the backend SSP, so it's not recommended to set this value unless override is what's desired.
There was a problem hiding this comment.
Thanks for the feedback, I'll make the changes as recommended.
|
I've pushed a commit with changes in lieu of the recent feedback, as well as changes due to a shift of logic that happened in the module proper. There is no longer a workflow where the module would wait for a new-user to finish entering their consent information. The eventlistener we were using the in the module to make this workflow work is not part of the IAB spec (it was only present in the AppNexus CMP), so it had to be removed to properly support the IAB CMP option. As a consequence, the timeout defaults were reduced to 500ms. |
DO NOT MERGE until prebid/Prebid.js#2213 is merged.
This PR represents the added documentation for the new GDPR consentManagement module.