GDPR: A technical checklist for sellers
Whether you’ve enabled a consent management provider (CMP) using the IAB Europe Transparency & Consent Framework or built your own, you might still not be able to pass the consent signal properly to monetization partners like Rubicon Project.
We created the short checklist below to help you navigate the complexity of “what needs to be done and how.” In terms of “when it needs to be done,” the answer is easy … It’s NOW!
Video & Audio Publishers
The Rubicon Project VPAID tag will automatically look for the presence of a CMP conforming to the IAB Europe Framework. No other changes are necessary if this is in place.
If you are using a CMP, you must either (1) retag the existing VAST tag with the CMP open redirect url or (2) send the following additional GDPR consent parameters:
|URL parameter||possible values||purpose|
|gdpr||0/1||0=GDPR does not apply
If not present, callee should do geoIP lookup, and GDPR applies for EU IP addresses
|gdpr_consent||URL-safe base64-encoded GDPR consent string. Only meaningful if gdpr=1||Encodes the consented-to purposes and vendor consent string, as obtained from the CMP JS API or OpenRTB|
You can refer to the following VAST example (with GDPR parameters in bold):
Our xAPI specification has been updated to include instructions for passing the required extensions in the Regs and User objects. These follow the OpenRTB GDPR advisory, found here (Q13 of the same document).
Rubicon Project’s preferred header bidding wrapper is Prebid version 1.11, which supports a GDPR module that integrates against the IAB EU Consent framework. Prebid v1.11 will make any available consent data via CMPs based on the framework available to bidders who are integrated into the wrapper and also registered on the IAB Global Vendor List.
Individual demand partners using the wrapper will also need to update their adapters to Prebid v1.11 to receive consent data. Prebid.org maintains a list of compliant demand partners.
If you are using a version of the Prebid wrapper that does not support the GDPR consent module and you would like to pass consent through the Prebid wrapper, please work with your Rubicon Project Solutions Engineering representative to update to Prebid v1.11.
As a general best practice, you should upgrade to the latest version of Prebid as soon as you can as it offers improved performance, better handling of infinite scroll, and many upcoming features.
Prebid Server Publishers
If you are using Prebid Server hosted by Rubicon Project, you need to:
1) Upgrade your Prebid.js installation to v1.11 and incorporate the ‘consentManagement’ module.
2) Change the endpoint of Prebid Server in Prebid.js config
3) Those using the mobile app will need to modify their use of Prebid SDK
Prebid SDK Developers
iOS and Android have their own mechanisms for collecting consent and passing it to openrtb through targeting parameters. Mobile app developers will need to update to the latest version of Prebid SDK and pass these parameters through. In particular:
[[PBTargetingParams sharedInstance] setConsent:@”testconsent”];[[PBTargetingParams sharedInstance] setGdpr:FALSE];
TargetingParamsTest.javaTargetingParams.setGDPRConsentString(activity, “World”);TargetingParams.setSubjectToGDPR(activity, false);
For more information about maintaining compliance with the GDPR and passing consent data to us, check out this article by our Data Protection Officer, Eve Filip, reach out to your account manager, or shoot us an email at GDPR@rubiconproject.com.
Tags: CMP, Data Protection, GDPR, transparency