This document explains how the RTB platform implements the General Data Protection Regulation (GDPR) and how to enable the GDPR compliance for different partners.
So far, few Personal Identifiable Information (PII) fields such as user location, IP, age, etc. are being used to deliver targeted ads to users. GDPR regulates the use of such PII fields when the user does not give consent to Ad vendors.
GDPR Impact in the RTB Platform
When the request from a page is a GDPR-regulated impression and the user does not give consent to PubMatic, then all such PII fields are cleared before performing deals and RTB requests. The GDPR-regulated impressions without user consent to PubMatic impact the following areas:
- Real Time Bidding
PubMatic does not send any PII fields through bid requests to a demand partner.
- PMP Deals
PubMatic does not evaluate any deals that are targeted on such PII fields.
- User matching
Cookies will not be shared with demand partners for matching with the user id.
- Audience Matching
Audience data will not be collected from data providers for any users that do not give consent to PubMatic. PubMatic does not use any PII fields that are already collected if the user does not give consent to PubMatic. Additionally, those fields will be deleted after 30 days automatically if the user continues to opt out of PubMatic.
GDPR Compliance for Publisher
By default, the GDPR compliance is applied to all requests coming from EU-region publishers. Publishers should get the consent from the user to PubMatic along with other vendors.
In all requests from a Publisher where there is no consent, PubMatic performs the ad serving as if the user has opted out of PubMatic; Publisher can also opt to get pass-back/blank ad in such case.
A Publisher level control is provided to specify the Publisher’s choice.
GDPR Compliance for DSP
By default, the GDPR compliance is applied to all requests coming from the EU region. A DSP can opt for checking their consent and send the RTB requests only when they have the consent. They can also opt to receive all GDPR-regulated impressions if they are already compliant and can handle such requests on their side.
A campaign level control is provided to specify the DSP choice.
PubMatic sends the following GDPR consent information through RTB request to DSP:
gdpr=1 denoting that the impression is a GDPR regulated information
consent="consent data" - the consent information as received from the publisher page
How to Get Support
For any support related to GDPR implementation in the RTB platform please contact the technical support team at PubMatic.