InteractiveAdvertisingBureau / GDPR-Transparency-and-Consent-Framework

Technical specifications for IAB Europe Transparency and Consent Framework that will help the digital advertising industry interpret and comply with EU rules on data protection and privacy - notably the General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018.

Problems with Validator 2.2 #346

Closed heikostaab closed 6 months ago

heikostaab commented 11 months ago

We have upgraded our CMP and the validator to be compliant with TCF2.2. The validator shows unexpected errors.

Problem 1 The technical compliance check fails at "Did all CMP API required commands return a correct response?". The response of addEventListener is:

```json
{
  "cmpId": xx,
  "cmpVersion": 2,
  "gdprApplies": true,
  "tcfPolicyVersion": 4,
  "tcString": "...",
  "listenerId": 3,
  "eventStatus": "useractioncomplete",
  "cmpStatus": "loaded",
  "isServiceSpecific": true,
  "useNonStandardStacks": false,
  "publisherCC": "DE",
  "purposeOneTreatment": false,
  "outOfBand": {
    "allowedVendors": {},
    "disclosedVendors": {}
  },
  "purpose": {
    "consents": { "1": true, "2": true, "3": true, "4": true, "5": true, "6": true, "7": true, "8": true, "9": true, "10": true, "11": true },
    "legitimateInterests": {}
  },
  "vendor": {
    "consents": { "1": false, "2": true, "3": false },
    "legitimateInterests": {}
  },
  "specialFeatureOptins": { "1": true, "2": true },
  "publisher": {
    "consents": {},
    "legitimateInterests": {},
    "customPurpose": {
      "consents": {},
      "legitimateInterests": {}
    },
    "restrictions": {}
  },
  "aCustomProperty": { "consentType": "tcf" },
  "addtlConsent": "1~1844.1584.1085",
  "customVendors": {
    "consents": { "564": true, "634": true, "1157": true, "1196": true, "1235": true },
    "legitimateInterests": { "564": false, "634": false, "1157": false, "1196": false, "1235": false }
  }
}
```

Problem 2 The technical compliance check fails at "Are the Created and LastUpdated timestamps imprecise?". Those are set by `new Date()`. What is the right way to do it?

Problem 3 The technical compliance check fails at "Is the current or penultimate version of the GVL being used?". If you decode the consent string with https://iabtcf.com/#/decode it says vendorlist version 18, which is the same as the official GVL at this point in time: https://vendor-list.consensu.org/v3/vendor-list.json. What does this error mean?

Problem 4 The validator does not recognize purpose 11, but it is returned from addEventListener (see JSON above).

We would appreciate it if you could provide feedback so that we can complete testing.

HeinzBaumann commented 10 months ago

@heikostaab We released an updated CMP validator with a fix for picking up the correct vendor list. Do all your issues still persist? I would think that problems 2, 3 and 4 should be fixed with the latest bug fix release.

heikostaab commented 10 months ago

@HeinzBaumann Thank you for the update (CMP Validator 2.2.3), but unfortunately only problem 3 has been solved and a new check has arisen that became a problem, too: [image]

What does check 12 mean? In this scenario there is no "deleted" vendor, because the consent string was just created.

HeinzBaumann commented 10 months ago

@heikostaab Re: test 12: are all vendor signals for deleted vendors set to 0? The infotype in the validator explains: "This check fails if there are any positive vendor consent or LI signals for vendors that are marked as deleted in the version of the GVL being used."

Re: issue 1: Is it the addEventListener that is the problem or is the ping command the problem? We have a fix in the works to change the check for the ping command, which erroneously assumes a success parameter, which is not always the case.

Re: issue 2: The validator infotext: "As a result of the limited relevance of the Created field for publishers and their CMPs to remind users of their choices, the Created and LastUpdated fields have been updated to have the same value." In practice, make one call to get the timestamp and use it for both Created and LastUpdated.

If there are still issues with the additional explanation, please send me a web URL that demonstrates these issues so I can further investigate them. Thanks
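The two checks explained in the comment above can be reproduced locally before submitting to the validator. The following is an added example, not code from the thread, the validator or the IAB repository: the function names and all sample data are constructed, the `deletedDate` field is the GVL's marker for a deleted vendor, and truncating the timestamp to UTC midnight is an assumption based on the check's wording ("imprecise").

```javascript
// Added example: constructed data, not taken from the thread or the validator.

// One clock read, reused for both fields. Truncating to UTC midnight is an
// assumption based on the wording of the check ("imprecise").
function consentTimestamps(now = new Date()) {
  const day = new Date(
    Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate())
  );
  return { created: day, lastUpdated: day };
}

// Vendors the GVL marks as deleted (deletedDate present) that still carry a
// positive consent or legitimate-interest signal in the TCData object.
function deletedVendorSignals(tcData, gvl) {
  const findings = [];
  for (const [id, vendor] of Object.entries(gvl.vendors)) {
    if (!vendor.deletedDate) continue;
    for (const kind of ["consents", "legitimateInterests"]) {
      const signals = tcData.vendor[kind] || {};
      if (signals[id] === true) {
        findings.push({ vendorId: Number(id), signal: kind });
      }
    }
  }
  return findings;
}

// Constructed sample inputs (vendor names and dates are placeholders).
const sampleGvl = {
  vendors: {
    1: { id: 1, name: "Vendor A" },
    2: { id: 2, name: "Vendor B", deletedDate: "2023-06-01T00:00:00Z" },
    3: { id: 3, name: "Vendor C", deletedDate: "2023-07-01T00:00:00Z" },
  },
};
const sampleTcData = {
  vendor: {
    consents: { 1: false, 2: true, 3: false },
    legitimateInterests: { 3: true },
  },
};

console.log(deletedVendorSignals(sampleTcData, sampleGvl));
console.log(consentTimestamps(new Date("2023-09-14T13:45:10Z")));
```

An empty result from `deletedVendorSignals` means no deleted vendor carries a positive signal in the object that was inspected; the TC string itself still has to encode the same values.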

heikostaab commented 9 months ago

@HeinzBaumann Thanks for your quick response.

Test 12: In the GVL the validator is using are these deleted vendors: [image]

In our CMP these vendors' consents are set to false: [image]

What else needs to be done to make that check pass?

We will send you a link to our test page where this problem is reproducible.

Thank you!

J-Korn commented 7 months ago

Edit: Thank you @HeinzBaumann for the speedy response. I did finally manage to pass the validation; it turns out I had an error in the removeEventListener callback handling. Perhaps better feedback in the validator should be considered to at least point at which command is not returning correct responses?

Problem 1 The technical compliance check fails at "Did all CMP API required commands return a correct response?".

I am encountering the same problem. As far as I can tell the three required commands are implemented according to the documentation, but I'm still getting this: [image]

HeinzBaumann commented 7 months ago

@J-Korn do you have a test page I can access and debug this?

HeinzBaumann commented 6 months ago

@J-Korn are there still issues with the latest CMP validator?

J-Korn commented 6 months ago

Hello @HeinzBaumann, I mentioned you in my edit of my previous post. I did end up fixing it; the error was in removeEventListener, not addEventListener as I thought, but the validator feedback was vague. Thank you for following up on my issue.
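A per-command self-check of the kind requested in this thread can be run against a CMP's `__tcfapi` function before using the validator. This is an added example, not the validator's logic or code from any participant: `checkRequiredCommands` and `makeStubCmp` are hypothetical names, the stub CMP is constructed and calls back synchronously, and its `brokenRemove` flag simulates one possible defect, not the one reported above.

```javascript
// Added example. Reports a result per required command instead of one pass/fail.
function checkRequiredCommands(tcfapi) {
  const report = { ping: "no callback", addEventListener: "no callback",
                   removeEventListener: "no callback" };
  tcfapi("ping", 2, (pingReturn) => {
    // ping passes no success argument, so only the returned object is inspected.
    report.ping = pingReturn && typeof pingReturn.cmpLoaded === "boolean"
      ? "ok" : "bad PingReturn";
  });
  tcfapi("addEventListener", 2, (tcData, success) => {
    if (report.addEventListener !== "no callback") return; // judge the first event only
    if (success !== true || !tcData || typeof tcData.listenerId !== "number") {
      report.addEventListener = "success flag or listenerId missing";
      return;
    }
    report.addEventListener = "ok";
    // The listenerId goes in the fourth argument; the callback must get `true`.
    tcfapi("removeEventListener", 2, (removed) => {
      report.removeEventListener = removed === true ? "ok" : "callback did not receive true";
    }, tcData.listenerId);
  });
  return report; // a CMP that answers asynchronously fills this in later
}

// Constructed stub CMP (hypothetical); brokenRemove simulates one possible defect.
function makeStubCmp({ brokenRemove = false } = {}) {
  const listeners = new Map();
  let nextId = 1;
  return (command, version, callback, parameter) => {
    if (command === "ping") {
      callback({ gdprApplies: true, cmpLoaded: true, cmpStatus: "loaded" });
    } else if (command === "addEventListener") {
      const listenerId = nextId++;
      listeners.set(listenerId, callback);
      callback({ listenerId, eventStatus: "tcloaded", cmpStatus: "loaded" }, true);
    } else if (command === "removeEventListener") {
      const removed = listeners.delete(parameter);
      callback(brokenRemove ? { removed } : removed);
    }
  };
}

console.log(checkRequiredCommands(makeStubCmp()));
console.log(checkRequiredCommands(makeStubCmp({ brokenRemove: true })));
```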