Prebid 8: remove GDPR check when GDPR enforcement is disabled

Author: dgirardi

modules/gdprEnforcement.js

@@ -6,7 +6,6 @@ import {deepAccess, logError, logWarn} from '../src/utils.js';
 import {config} from '../src/config.js';
 import adapterManager, {gdprDataHandler} from '../src/adapterManager.js';
 import {find} from '../src/polyfill.js';
-import {getHook} from '../src/hook.js';
 import * as events from '../src/events.js';
 import CONSTANTS from '../src/constants.json';
 import {GDPR_GVLIDS, VENDORLESS_GVLID} from '../src/consentHandler.js';
@@ -219,15 +218,6 @@ export const accessDeviceRule = ((rule) => {
 export const syncUserRule = gdprRule(1, () => purpose1Rule, storageBlocked);
 export const enrichEidsRule = gdprRule(1, () => purpose1Rule, storageBlocked);
 
-export function userIdHook(fn, submodules, consentData) {
-  // TODO: remove this in v8 (https://github.com/prebid/Prebid.js/issues/9766)
-  if (shouldEnforce(consentData, 1, 'User ID')) {
-    fn.call(this, submodules, {...consentData, hasValidated: true});
-  } else {
-    fn.call(this, submodules, consentData);
-  }
-}
-
 export const fetchBidsRule = ((rule) => {
   return function (params) {
     if (params[ACTIVITY_PARAM_COMPONENT_TYPE] !== MODULE_TYPE_BIDDER) {
@@ -307,8 +297,6 @@ export function setEnforcementConfig(config) {
       RULE_HANDLES.push(registerActivityControl(ACTIVITY_ACCESS_DEVICE, RULE_NAME, accessDeviceRule));
       RULE_HANDLES.push(registerActivityControl(ACTIVITY_SYNC_USER, RULE_NAME, syncUserRule));
       RULE_HANDLES.push(registerActivityControl(ACTIVITY_ENRICH_EIDS, RULE_NAME, enrichEidsRule));
-      // TODO: remove this hook in v8 (https://github.com/prebid/Prebid.js/issues/9766)
-      getHook('validateGdprEnforcement').before(userIdHook, 47);
     }
     if (purpose2Rule) {
       RULE_HANDLES.push(registerActivityControl(ACTIVITY_FETCH_BIDS, RULE_NAME, fetchBidsRule));
@@ -321,9 +309,6 @@ export function setEnforcementConfig(config) {
 
 export function uninstall() {
   while (RULE_HANDLES.length) RULE_HANDLES.pop()();
-  [
-    getHook('validateGdprEnforcement').getHooks({hook: userIdHook}),
-  ].forEach(hook => hook.remove());
   hooksAdded = false;
 }
 

modules/userId/index.js

@@ -132,7 +132,7 @@ import * as events from '../../src/events.js';
 import {getGlobal} from '../../src/prebidGlobal.js';
 import adapterManager, {gdprDataHandler} from '../../src/adapterManager.js';
 import CONSTANTS from '../../src/constants.json';
-import {hook, module, ready as hooksReady} from '../../src/hook.js';
+import {module, ready as hooksReady} from '../../src/hook.js';
 import {buildEidPermissions, createEidsArray, USER_IDS_CONFIG} from './eids.js';
 import {
   getCoreStorageManager,
@@ -159,7 +159,6 @@ import {
 } from '../../src/utils.js';
 import {getPPID as coreGetPPID} from '../../src/adserver.js';
 import {defer, GreedyPromise} from '../../src/utils/promise.js';
-import {hasPurpose1Consent} from '../../src/utils/gpdr.js';
 import {registerOrtbProcessor, REQUEST} from '../../src/pbjsORTB.js';
 import {newMetrics, timedAuctionHook, useMetrics} from '../../src/utils/perfMetrics.js';
 import {findRootDomain} from '../../src/fpd/rootDomain.js';
@@ -784,15 +783,6 @@ function getUserIdsAsync() {
   );
 }
 
-/**
- * This hook returns updated list of submodules which are allowed to do get user id based on TCF 2 enforcement rules configured
- */
-export const validateGdprEnforcement = hook('sync', function (submodules, consentData) {
-  // TODO: remove the `hasValidated` check in v8. Enforcement should be OFF by default.
-  // https://github.com/prebid/Prebid.js/issues/9766
-  return { userIdModules: submodules, hasValidated: consentData && consentData.hasValidated };
-}, 'validateGdprEnforcement');
-
 function populateSubmoduleId(submodule, consentData, storedConsentData, forceRefresh) {
   // There are two submodule configuration types to handle: storage or value
   // 1. storage: retrieve user id data from cookie/html storage or with the submodule's getId method
@@ -882,18 +872,11 @@ function initSubmodules(dest, submodules, consentData, forceRefresh = false) {
       return [];
     }
 
-    // TODO: remove this check in v8 (https://github.com/prebid/Prebid.js/issues/9766)
-    let { userIdModules, hasValidated } = validateGdprEnforcement(submodules, consentData);
-    if (!hasValidated && !hasPurpose1Consent(consentData)) {
-      logWarn(`${MODULE_NAME} - gdpr permission not valid for local storage or cookies, exit module`);
-      return [];
-    }
-
     // we always want the latest consentData stored, even if we don't execute any submodules
     const storedConsentData = getStoredConsentData();
     setStoredConsentData(consentData);
 
-    const initialized = userIdModules.reduce((carry, submodule) => {
+    const initialized = submodules.reduce((carry, submodule) => {
       return submoduleMetrics(submodule.submodule.name).measureTime('init', () => {
         try {
           populateSubmoduleId(submodule, consentData, storedConsentData, forceRefresh);

test/spec/modules/euidIdSystem_spec.js

@@ -64,13 +64,6 @@ describe('EUID module', function() {
     coreStorage.removeDataFromLocalStorage(moduleCookieName);
   });
 
-  it('When a server-only token value is provided in config but consent is not available, it is not available to the auction.', async function() {
-    setGdprApplies();
-    config.setConfig(makePrebidConfig(null, {value: makeEuidIdentityContainer(initialToken)}));
-    const bid = await runAuction();
-    expectNoIdentity(bid);
-  });
-
   it('When a server-only token value is provided in config, it is available to the auction.', async function() {
     setGdprApplies(true);
     config.setConfig(makePrebidConfig(null, {value: makeEuidIdentityContainer(initialToken)}));

test/spec/modules/uid2IdSystem_spec.js

@@ -170,16 +170,6 @@ describe(`UID2 module`, function () {
     expectLegacyToken(bid);
   });
 
-  it('When a legacy value is provided directly in configuration but GDPR applies, it is not passed on', async function() {
-    const valueConfig = makePrebidConfig();
-    setGdprApplies();
-    valueConfig.userSync.userIds[0].value = {uid2: {id: legacyToken}}
-    config.setConfig(valueConfig);
-    const bid = await runAuction();
-
-    expectNoIdentity(bid);
-  });
-
   // These tests cover 'legacy' cookies - i.e. cookies set with just the uid2 advertising token, which was how some previous integrations worked.
   // Some users might still have this cookie, and the module should use that token if a newer one isn't provided.
   // This should cover older integrations where the server is setting this legacy cookie and expecting the module to pass it on.