1. Home
  2. Monetisation
  3. Line Items
  4. Consent management for demand tags

Consent management for demand tags


In 2019, IAB Europe and the IAB Tech Lab announced their newest updates to the Transparency & Consent Framework (TCF). TCF 2.0 enables participants within the programmatic ecosystem to streamline their GDPR compliance.

To make this process easy to implement, we’ve provided a script and macros that enable you to pass through the TCF consent flag and string from any publication that uses a CMP on their website.  In order to implement this, you’ll need to do two things:

1.0 | Update custom code

First, copy and paste the following script into the Player Custom Code section of an ad unit (for outstream) or a playout (for instream).

window.bb_consent_data = "";
window.bb_consent_flag = 0;

if (window.__tcfapi) {
  window.__tcfapi('getTCData', 2, function(result, success) {
    if (success && result && result.tcString) {
      window.bb_consent_data = result.tcString;
      window.bb_consent_flag = result.gdprApplies === true ? 1 : 0;
    }
  });
} else if (window.top) {
  var callId = 0;
  window.addEventListener('message', receiveMessage);

  function sendMessage(command, parameter) {
    var message = {
      __tcfapiCall: {
        callId: ('iframe:' + (++callId)),
        command: command,
        parameter: parameter
      }
    };
    window.top.postMessage(message, '*');
  }

  function receiveMessage(event) {
    if (event.data && event.data.__tcfapiReturn && event.data.__tcfapiReturn.success && event.data.__tcfapiReturn.returnValue) {
      window.bb_consent_data = event.data.__tcfapiReturn.returnValue.tcString || "";
      window.bb_consent_flag = event.data.__tcfapiReturn.returnValue.gdprApplies === true ? 1 : 0;
    }
  }

  sendMessage('getTCData');
}

if (window.__cmp) {
  window.__cmp('getConsentData', null, function(result) {
    if (result && result.consentData) {
      if (!window.bb_consent_data) window.bb_consent_data = result.consentData;
      if (!window.bb_consent_flag) window.bb_consent_flag = result.gdprApplies === true ? 1 : 0;
    }
  });
} else if (window.top) {
  var callId = 0;
  window.addEventListener('message', receiveMessage);

  function sendMessage(command, parameter) {
    var message = {
      __cmpCall: {
        callId: ('iframe:' + (++callId)),
        command: command,
        parameter: parameter
      }
    };
    window.top.postMessage(message, '*');
  }

  function receiveMessage(event) {
    if (event.data && event.data.__cmpReturn && event.data.__cmpReturn.returnValue) {
      if (!window.bb_consent_data) window.bb_consent_data = event.data.__cmpReturn.returnValue.consentData || "";
      if (!window.bb_consent_flag) window.bb_consent_flag = event.data.__cmpReturn.returnValue.gdprApplies === true ? 1 : 0;
    }
  }

  sendMessage('getConsentData');
}

2.0 | Update macros

Next, you’ll need to update your consent macros in your VAST/VPAID tags.  The query from demand partners varies, but the following macros can always be used:

[js:bb_consent_flag] refers to a 0 or 1 value that tells the demand partner whether GDPR does not apply (0) or if GDPR does apply (1).

[js:bb_consent_data] passes the TC string from the CMP, if it’s available.  This macro is used most frequently, and is the most important to demand partners.

Macro examples

Each demand partner requests consent in a different way, but here are some common examples and how the macros can be used:

  • https://pubads.g.doubleclick.net/gampad/ads?iu=/XXXXXXXX/URL&description_url=[url]&tfcd=0&npa=0&gdfp_req=1&output=vast&unviewed_position_start=1&env=vp&impl=s&correlator=&iab_string=[js:bb_consent_data]&gdpr_consent=[js:bb_consent_data]
  • http://ads.stickyadstv.com/vast/vpaid-adapter/XXXXXXXX?_fw_gdpr=[js:bb_consent_flag]&_fw_gdpr_consent=[js:bb_consent_data]
  • https://vid.pubmatic.com/AdServer/AdServerServlet?adtype=13&pubId=XXXXXX&siteId=XXXXXX&adId=XXXXXXX&vadFmt=2&vminl=1&vmaxl=120&vh=338&vw=600&placement=3&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1&sec=1&gdpr=[js:bb_consent_flag]&gdpr_consent=[js:bb_consent_data]
  • https://secure.adnxs.com/ptv?id=XXXXXXXX&gdpr=[js:bb_consent_flag]&gdpr_consent=[js:bb_consent_data]

 

Updated on October 5, 2020

Was this article helpful?

Related Articles