Google’s Additional Consent Mode

[bwschmidt]

Type of issue

Feature Request

Description

Google has released specs on the additional consent mode described at https://support.google.com/admanager/answer/9681920. We are getting questions from our publishers if we intend to support specification through supply paths other than Google, i.e. Prebid. I did not see an issue about this, so I created this issue to kick off discussion on whether Prebid.js will adopt and support this specification.

[richccalkins]

Hey @mkendall07 @bretg , any thoughts on the above? OpenX is getting a lot of questions about this from EMEA publishers.

[bretg]

Anyone is welcome to work through the development process: post a detailed spec, get community feedback, develop a module, write the documentation.

We would be willing to support an OpenX development team with pre-reviews of any proposed spec, which should include education on the background.

[robertrmartinez]

Adding help wanted label.

Maybe @richccalkins you can gather more information on if you or your team at Openx would be willing to kick off the conversation with a requirements / spec as Bret has mentioned?

[ian-lr]

@bwschmidt @richccalkins Our Privacy/CMP team would be happy to help think through requirements -- let me know if that would be helpful to you and I can put you in touch.

[bretg]

Details on additional consent is at https://support.google.com/admanager/answer/9681920?hl=en

Summary:

1. This hack is to accommodate bidders who refuse to pay to be on the IAB GVL
2. It's not clear where the addtlConsent data will be stored. There's a proposal that CMPs can inject an addtlConsent field in the TCData object, but this isn't approved yet.
3. This field is a simple list of Google-Vendor-IDs the user has consented to. This consent is not linked to purpose.
4. The OpenRTB location for this field is user.ext.ConsentedProvidersSettings.consented_providers

Proposal:

1. We update the consentManagement module to read addtlConsent (from where?) and pass it through the bidrequest.gdprConsent object.
2. We update the pbsBidAdapter module to pass bidrequest.gdprConsent through the OpenRTB on user.ext.ConsentedProvidersSettings.consented_providers
3. We update the SDK to pass addtlConsent through OpenRTB on user.ext.ConsentedProvidersSettings.consented_providers

Implications:

• Prebid will not validate or parse the addtlConsent string
• Prebid will not support or enforce Google vendor IDs
• Prebid will not support passing addtlConsent through usersync URLs
• Prebid.js and Prebid Server bid adapters must be on the GVL. If Purpose 2 is being enforced, Prebid will not call adapters that have not provided GVL IDs.
• Therefore, passing the addtlConsent string is only useful in the scenario where a GVL-compliant exchange supports a DSP that's not on the GVL

[bretg]

Closing this issue as complete with PR #5600