This consent management module is designed to support the California Consumer Privacy Act (CCPA). The IAB has generalized these guidelines to cover future regulations, referring to the feature as “US Privacy.”
This module works with supported Consent Management Platforms (CMPs) to fetch an encoded string representing the user’s consent choices and make it available for adapters to consume and process.
See also the Prebid Consent Management - GDPR Module for supporting the EU General Data Protection Regulation (GDPR)
Prebid functionality created to address regulatory requirements does not replace each party’s responsibility to determine its own legal obligations and comply with all applicable laws. We recommend consulting with your legal counsel before determining how to utilize these features in support of your overall privacy approach.
Here’s a summary of the interaction process:
In the the case of a new user, CMPs will generally respond only after there is consent information available (i.e., the user has made their consent choices). Making these selections can take some time for the average user, so the module provides timeout settings.
If the timeout period expires or an error from the CMP is thrown, the auction proceeds without the user’s consent information.
To utilize this module, a CMP compatible with the IAB 1.1 TCF spec needs to be implemented onthe site to interact with the user and obtain their consent choices.
Though implementation details for the CMP are not covered by Prebid.org, we do recommend to that you place the CMP code before the Prebid.js code in the head of the page in order to ensure the CMP’s framework is loaded before the Prebid code executes.
Once the CMP is implemented, simply include this module into your build and add a
consentManagement object in the
setConfig() call. Adapters that support this feature will then be able to retrieve the consent information and incorporate it in their requests.
Here are the parameters supported in the
||The CMP interface that is in use. Supported values are ‘iab’ or ‘static’. Static allows integrations where IAB-formatted consent strings are provided in a non-standard way. Default is
||Length of time (in milliseconds) to allow the CMP to obtain the CCPA consent string. Default is
||An object representing the CCPA consent data being passed directly; only used when cmpApi is ‘static’. Default is
Example 1: Support both US Privacy and GDPR
Example 2: Support US Privacy
Example 3: Static CMP using custom data passing.
Follow the basic build instructions in the GitHub Prebid.js repo’s main README. To include the consent management module, an additional option must be added to the the gulp build command:
If you are submitting changes to an adapter to support this approach, please also submit a PR to the docs repo to add the
usp_supported: true variable to your respective page in the bidders directory. This will ensure that your adapter’s name will automatically appear on the list of adapters supporting US Privacy.
To find the US Privacy/CCPA consent information to pass along to your system, adapters should look for the
bidderRequest.uspConsent field in their
Below is a sample of how the data is structured in the
usPrivacy object is also available when registering
The object can be accessed by including it as an argument in the
Depending on your needs, you could include the consent information in a query of your pixel and/or, given the consent choices, determine if you should drop the pixels at all.