You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

GDPR RTB Platform Updates

Guidelines and Updates for TCF 2.0 Readiness

The IAB Europe Transparency & Consent Framework (TCF) gives the publishing and advertising industries a common structure to communicate consumer consent, for the delivery of online advertising and content in compliance with the EU’s GDPR and ePrivacy Directive. On August 21, 2019, IAB Europe launched the second iteration of TCF.

Important milestone dates:

  • IAB Europe wants the industry to transition to TCF 2.0 by the end of Q2 2020.
  • PubMatic will be ready to support TCF 2.0 from April 30, 2020.
  • PubMatic will continue to support both v1.1 and v2 signals until all major DSPs support TCF 2.0. 

What do you need to do?

  1. Define your legal basis for each of the purposes and make sure that you are listed into the IAB TCF v2 vendor list with a proper ID. 
  2. Work with your CMPs to update your TCF version from 1.1 to 2.0.

To learn more:

If you have questions or need more assistant, contact your Customer Success representative.

Support for GDPR Specific Parameters

In response to IAB recommendations, PubMatic's publisher facing APIs now support GDPR specific parameters.

Open RTB API for Publishers

Two new GDPR parameters have been added to Open RTB JSON:

  • regs.ext.gdpr: Boolean value (0/1), indicates whether an impression requires GDPR compliance.
  • user.ext.consent: String with an encoded/compressed consent object; for example, consent="3FDF299BE572". The consent object contains a list of vendors who have consent along with the purpose.

PubMatic’s Proprietary Ad Server API for Publishers

Two new GDPR parameters have been added:

  • gdpr: Boolean value (0/1), indicates whether an impression requires GDPR compliance.
  • gdpr_consent: String with an encoded/compressed consent object; for example, consent="3FDF299BE572". The consent object contains a list of vendors who have consent along with the purpose.

Passing GDPR Parameters to DSPs

PubMatic passes GDPR specific parameters to DSPs as follows.

Open RTB API

Two new GDPR parameters have been added to Open RTB JSON. The parameters differ slightly depending upon your version of Open RTB as follows.

Up to Version 2.2

  • user.ext.gdpr: Boolean value (0/1), indicates whether an impression requires GDPR compliance.
  • user.ext.consent: String with an encoded/compressed consent object; for example, consent="3FDF299BE572". The consent object contains a list of vendors who have consent along with the purpose.

Versions 2.3 to 2.5

  • Regs.ext.gdpr: Boolean value (0/1), indicates whether an impression requires GDPR compliance.
  • user.ext.consent: String with an encoded/compressed consent object; for example, consent="3FDF299BE572". The consent object contains a list of vendors who have consent along with the purpose.

PubMatic’s Proprietary RTB APIs for DSPs

Two new GDPR parameters have been added:

  • gdpr: Boolean value (0/1), indicates whether an impression requires GDPR compliance.
  • consent: String with an encoded/compressed consent object; for example, consent="3FDF299BE572". The consent object contains a list of vendors who have consent along with the purpose.

Passing GDPR Parameters for Google Exchange Bidding Publishers

Google Exchange Bidding (EB) follows a slightly different standard for GDPR parameters. PubMatic receives GDPR specific parameters from Google EB and passes them unchanged to DSPs.

The two EB parameters passed are:

  • Regs.ext.gdpr: Boolean value (0/1) indicating if GDPR compliance is required for the impression.
  • User.ext.consented_providers_settings.consented_providers: Set of IDs corresponding to providers for whom the publisher has told Google that its EEA (European Economic Area), users have consented to the use of their personal data for ad personalization. Google's Ad Exchange Help Documentation site posts a  mapping of provider ID-to-provider name.

Example Google EB parameter that would be passed to DSPs:

{
     "user": {
          "ext": {
               "consented_providers_settings":
               { "consented_providers": [123, 456] }
          }
     },
     "regs": {
          "ext":
          { "gdpr": true }
     }
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Changes in User Sync Process for GDPR Compliance

For EEA users, sync with DSPs happens only when both PubMatic and the DSP have user consent. The URL to initiate user sync with DSPs uses the two parameters below:

  • gdpr: Boolean value (0/1) indicating if GDPR compliance is required for the impression.
  • gdpr_consent: String with an encoded/compressed consent object; for example, consent="3FDF299BE572". The consent object contains a list of vendors who have consent along with the purpose.
For DSP initiated sync, again, the sync occurs only when PubMatic and DSPs both have EEA user consent.



⇧ Top

Do you have feedback on this document? Let us know: email us.

Table of Contents