bretg
commented
9 months ago @mwang-sticky - we discussed this in committee and would like to understand your use case in more detail.
Open mwang-sticky opened 9 months ago
bretg
commented
9 months ago @mwang-sticky - we discussed this in committee and would like to understand your use case in more detail.
mwang-sticky
commented
9 months ago @bretg Thanks for your interpreting. As an adserve or SSP, we have removed some personal data (ip/zipcode/lat/lon/user) according to our Lawyer's requirements. But we still pass the geo.country, if we remove the geo.country, the request will be considered as IVT and blocked, so I am asking is there any configuration to change the default behavior if coppa=1. I will test account level configuration, thanks,
bretg
commented
9 months ago @mwang-sticky - COPPA processing should not be removing device.geo.country. That's not happening in PBS-Java. If it's happening in PBS-Go, it's a bug.
However, it might be removing user.geo.country along with everything else in the user object. Is there a reason you need to have the data in user rather than device?
mwang-sticky
commented
9 months ago I use PBS-Go, and the country we are using is device.geo.country, we don't support user.geo now.
If the regs.coppa=1, the auction request
"device": {
"ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
"geo": {
"country": "US",
"type": 2
},
"language": "en",
"ip": "97.116.103.1",
"devicetype": 2,
"dnt": 0,
"os": "windows",
"js": 1
},and the ortb request to SSP is like
"device":{"geo":{},"dnt":0,"ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36","ip":"97.116.103.0","devicetype":2,"os":"windows","js":1,"language":"en"}do you mean this is bug in PBS-Go?
mwang-sticky
commented
9 months ago I think the related code
if lmt || coppa {
privacy.ScrubDeviceIDsIPsUserDemoExt(reqWrapper, ipConf, "eids", coppa)
}
if scrubFullGeo {
scrubGeoFull(reqWrapper)
} else {
scrubGEO(reqWrapper)
}
func scrubGeoFull(reqWrapper *openrtb_ext.RequestWrapper) {
if reqWrapper.User != nil && reqWrapper.User.Geo != nil {
reqWrapper.User.Geo = &openrtb2.Geo{}
}
if reqWrapper.Device != nil && reqWrapper.Device.Geo != nil {
reqWrapper.Device.Geo = &openrtb2.Geo{}
}
}Here's a proposal on geo field anonymization scenarios:
mwang-sticky
commented
9 months ago @bretg do you mean the PBS-go will support keeping board device.geo.country and device.geo.region if coppa=1 in the future?
bretg
commented
9 months ago I'm going to propose that to legal counsel and to the committee. If they agree, then yes.
bretg
commented
7 months ago Spoke with Prebid's legal counsel. She agreed that Prebid Server could reasonably preserve device.geo.country, device.geo.region, and device.geo.utcoffset
Updated the details in the Activity Control table https://github.com/prebid/prebid.github.io/pull/5106
bretg
commented
7 months ago Discussed:
bretg
commented
5 months ago Seems like COPPA should also disallow syncUser and transmitEids.
Honestly this sounds like a pretty bad idea, but it's your lawyers. I'll help you be defining a feature which you can then build and submit as an open source contribution.
privacy.coppa.enabledfalse, all COPPA checks are skipped. The default istrue.ext.prebid.traceis defined (both basic and verbose) in either case. e.g. "IP address being rounded due to COPPA flag" or "IP address rounding skipped in COPPA environment due to the feature being disabled."(Update: it's been decided COPPA enablement isn't needed at this point - updating to pass the country/region is sufficient)