This document contains implementation guidelines reviewed by the IAB Tech Lab GDPR Commit Group for inclusion in the IAB Europe Transparency and Consent Framework.

Overview

Consent signals (for GDPR) can currently be obtained through the CMP Consent JS Javascript API (for services running as a Javascript tag), or through OpenRTB extension fields for exchanges and bidders. However, consent signals also need to be provided to pixels, pixel redirects used in beaconing, and user ID matching processes.

Specifications

Full consent-string passing

Services that are called using a URL from the user's browser, like cookie tracking pixels (called the 'callee') should be passed in the following parameters. The creator of the URL should ensure these parameters are added only once, and are passed to services which are expecting them and can handle them properly.

URL parameter	Possible values	Purpose
gdpr	0 / 1	0=GDPR does not apply 1=GDPR applies If not present, callee should do geoIP lookup, and GDPR applies for EU IP addresses
gdpr_consent	URL-safe base64-encoded GDPR consent string. Only meaningful if gdpr=1	Encodes the consented-to purposes and vendor consent string, as obtained from the CMP JS API or OpenRTB.

GDPR Consent passing for URL-based services

Overview

Specifications

Full consent-string passing

Related Articles

Trending Articles

Related Articles

Trending Articles

Got what you needed? If not, please contact your dedicated Account Management representative.

Got what you needed? If not, please contact your dedicated Account Management representative.

Got what you needed?
If not, please contact your dedicated Account Management representative.

Got what you needed?
If not, please contact your dedicated Account Management representative.