I2I: Client Side Granular Consent

[micajuine-ho]

Summary

Create client side granular consent into amp-consent by allowing publishers to add a new data-block-on-consent-purposes attribute onto AMP elements, whose value is a list of publisher defined purposes. This attribute will block AMP elements from being built until all purpose consents have been accepted. Purpose consents will be collected (and stored) by amp-consent, and can also be synced via checkConsentHrefs request and response.

Design document

Original issues and discussion: https://github.com/ampproject/amphtml/issues/26735

Design Doc: https://docs.google.com/document/d/1RThWzCG7-LLzb13lmUNawLkBJCeGyUIi62GefTunIQg/edit

Motivation

A clear and concise description of any alternative solutions or features you've considered.

• Creating a new component or splitting up amp-consent somehow (future work)
• Creating multiple consent instances for each "purpose"

Additional context

Launch tracker

• [x] Create experiment flag (#32433)

• [x] Expose purposeConsentRequired API through checkConsentHref & inline (#32433)

• [x] PromptUI changes - create toggleConsent(), expand accept and reject actions, create purposeConsentMap from decisions #32470

• [x] PromptUiSrc changes - send and receive purposeConsentMap (#32638)

• [x] Store the the purposeConsentMap and purposeConsentRequired in local storage through the ConsentManager (#32721)

• [x] Create Internal API to get purposeConsentMap from ConsentPolicyManager (for syncing) (#32990)

• [x] Runtime and ConsentPolicyManager changes to block building until all purposes are accepted (#32990)

• [ ] E2E tests

• [x] Lauch 100%

• [x] Cleanup /cc @ampproject/wg-approvers

Usage

• Add data-block-on-consent-purposes attributes to elements you want to block based upon consent purposes, and add a list of purposes that you want to be accepted before allowing the component to unblock.

  
  // blocked by AMP runtime
  <amp-foo  data-block-on-consent-purposes=”purpose-analytics,purpose-foo,purpose-bar”>  

// blocked by AMP runtime

``` - To signal to `amp-consent` what consent purposes need to be collected (by comparing against what's stored in local storage) either add `purposeConsentRequired: [‘analytics’, ‘advertising’, ‘vendorA’]` to your inline config or `checkConsentHref` response if `consentRequired: remote`. If the consent purposes are not found in localStorage then the consent prompt UI will be shown. - `amp-consent` stores the consent information (including this consent purposes) in local storage, to save the decision for next user visit. To opt out of storing, use the [`expireCache`](https://github.com/ampproject/amphtml/blob/master/extensions/amp-consent/amp-consent.md#client-caching) feature ``` // From checkConsentHref endpoint or via inline config purposeConsentRequired: [‘purpose-analytics’, ‘purpose-foo’, ‘purpose-bar’] ``` - Collect purpose consents via `promptUI`: Add elements that have a new `setPurpose` action, that takes a list of key value pairs represneting the consent purpose name and if it's been accepted `setPurpose(consentPurposeName=boolean)`. You can use `event.checked` for the boolean value if using a toggle input. Additionally, it is suggested that you add a parameter `purposeConsentDefault=boolean` to existing `accept` and `reject` actions, in the case that the user clicks the accept or reject button without setting all the individual consent purposes ```

Accept Analytics Consent Accept Foo Consent Accept Bar Consent Save Close

``` - Send the the consent purpose's consent state via `promptUISrc` accept or reject post message to amp-consent . In the data object, add in a `purposeConsents` object that has a string to boolean mapping. ``` // checkConsentHref response { consentRequired: true purposeConsentRequired: [‘purpose-analytics’, ‘purpose-foo’, ‘purpose-bar’], consentState: unknown, purposeConsentMap: undefined, } // promptUiSrc’s iframes postmessage response: { type: 'consent-response', action: 'accept', purposeConsentMap: { “purpose-analytics”: accept, “purpose-foo”: reject, “purpose-bar”: accept } } ``` - Elements that are blocked with `data-block-on-consent-purposes`, will be unblocked based off the promptUI - The UI will prompt if not all of the `purposeConsentRequired` purposes are locally stored (and we have a global consent) - Amp consent will send the stored consent purpose consents via `checkConsentHref`. The response can also contain `purposeConsents` mapping (just like in `promptUISrc`), so amp-consent can update its stored values to be reflected on next visit.

[morsssss]

I've created a sample which contains a more detailed how-to here. You can look at the code or clone it here. Please try it out yourself and tell us what you think!

[ashishpuliyel]

Hi, quick question, am I right that is only for client-side consent, and granular consent can't be used for the "Advanced User Consent Flow" (with an external CMP)? Is there any way to achieve granular consent when using an external CMP?

[morsssss]

I remember that @micajuine-ho was quite interested in external CMPs. But unfortunately I haven't been working with AMP since this launched - and Micajuine isn't either. I don't know the latest here.

Perhaps @alanorozco or @caroqliu would know more?

[ashishpuliyel]

Fingers crossed! Any clues at all would be helpful.

The original issue (https://github.com/ampproject/amphtml/issues/26735) – which wasn't raised by me – actually uses The Guardian's consent options as an example, and that's the site I'm working on. So I was thrilled to find a discussion on exactly the problem I had, using my site as an example, and an apparent feature implemented to deal with it. Unfortunately since the Guardian uses an external CMP, the feature that came out doesn't seem to be applicable to us. I'm still hopeful there is some way to get this functional with an external CMP somehow but I'm increasingly thinking there might not be.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.