search

prebid / Prebid.js

Setup and manage header bidding advertising partners without writing code or confusing line items. Prebid.js is open source and free.
https://docs.prebid.org
Apache License 2.0
1.27k stars 2.04k forks source link

Upgrade User ID Module Privacy Support #6433

Open bretg opened 3 years ago

bretg commented 3 years ago

Type of issue

Enhancement

Description

User ID modules cannot easily get the CCPA consent string. When we built the RealTimeData infrastructure, we made it easy for all RTD sub-modules to obtain all known consent data - every RTD internal interface includes a userConsent data structure so each one doesn't have to dig them up itself.

We should upgrade the User ID module to do this same thing.

1) Add a function in the core User ID module similar to the RTD getConsentData() function:

function getConsentData() {
  return {
    gdpr: gdprDataHandler.getConsentData(),
    usp: uspDataHandler.getConsentData(),
    coppa: !!(config.getConfig('coppa'))
  }
}

2) Update the existing consentData data structure used by UserID-core to call sub-modules

3) Confirm that every sub-module will not choke when receiving these parameters

4) Upgrade SharedId sub-module to make use of these parameters:

Short-circuit ID activity (including setting cookies) if either of these conditions is true:

patmmccann commented 3 years ago

Our approach has been to set the device access flag on opt out, which takes care of the problem that some userIds aren't gathering the usp string. If this is solved, would there be any remaining need for deviceAccess?

patmmccann commented 3 years ago

One note, some userId modules are not facing this limitation, eg https://github.com/prebid/Prebid.js/blob/99098ecc6ee7c037bef92a709f491e50160511bb/modules/parrableIdSystem.js#L193

I think your step 4 above would likely need to include converting those over to the new object as well

smenzer commented 3 years ago

I can see the value in providing all relevant privacy jurisdiction fields in a single function/object like @bretg mentions, but I agree with @patmmccann that this is already partially implemented; we are also retrieving the CCPA uspString already: https://github.com/prebid/Prebid.js/blob/99098ecc6ee7c037bef92a709f491e50160511bb/modules/id5IdSystem.js#L121

gglas commented 3 years ago

@bretg are there pressing implementation issues for this, or should we just move it into the backlog?

bretg commented 3 years ago

Yes, I think this needs to happen, specifically because SharedId and PubCommon should be paying attention to these values. Adding @jdwieland8282

smenzer commented 3 years ago

@bretg maybe I’m missing something but can’t these values already be retrieved by shared Id and pubcommon? We are ingesting them in our module already as do a few others...

patmmccann commented 3 years ago

Is https://github.com/prebid/Prebid.js/issues/6673 a duplicate @smenzer ?

smenzer commented 3 years ago

Is https://github.com/prebid/Prebid.js/issues/6673 a duplicate @smenzer ?

The difference in my request is that we modify the existing consent data parameter (which contains only GDPR today) to support everything (similar to the getconsentdata function described here would provide) rather than passing some data in the function call and requiring another method to get the rest.

@bretg id be happy to have the two issues merged together...what are your thoughts?

bretg commented 2 years ago

Agree that these two issues are essentially the same. I've updated the description of this issue to re-use the existing consentData param rather than adding a new one.

smenzer commented 2 years ago

with the updates from @bretg I agree that these are the same now. I can close out #6673 in favor of this one. thanks Bret!

patmmccann commented 1 year ago

related https://github.com/prebid/Prebid.js/issues/10276