Prebid.js icon indicating copy to clipboard operation
Prebid.js copied to clipboard
verified publisher icon prebid

Gdpr enforcement module: Automatic vendor exceptions

Open patmmccann opened this issue 3 years ago • 2 comments

Type of issue

Feature request

Description

Some bidders, notably Xandr, but several more, detect purpose one consent and call a cookieless endpoint if it is lacking amd gdpr applies. Publishers often feel comfortable noting a vendor exception for these bidders in the gdpr enforcement configuration.

We should keep track of which endpoints have this behavior, and offer a flag to give them a purpose one enforcement exception in bulk, so that publishers are saved the effort of maintaining a list of partners with this feature.

I'm not sure exactly how this might interact with PBS adapter

patmmccann avatar Jun 17 '22 14:06 patmmccann

@Fawke @bretg looking for your feedback

patmmccann avatar Jun 17 '22 14:06 patmmccann

Let me see if I really understand the architecture here.

AppNexus sets up:

  'appnexus': {
    adapter: 'prebidServer',
    enabled: true,
    endpoint: {
      p1Consent: 'https://prebid.adnxs.com/pbs/v1/openrtb2/auction',
      noP1Consent: 'https://prebid.adnxs-simple.com/pbs/v1/openrtb2/auction'
    },
    syncEndpoint: {
      p1Consent: 'https://prebid.adnxs.com/pbs/v1/cookie_sync',
      noP1Consent: 'https://prebid.adnxs-simple.com/pbs/v1/cookie_sync'
    },
    timeout: 1000

The idea being (I think) that adnxs-simple.com should theoretically (by convention) not get the Prebid Server uids cookie.

But if that's the case, why is the syncEndpoint defined at all? What if that endpoint started creating cookies in adnxs-simple.com? I don't like the idea that Prebid gets in the legal path. We would have to periodically evaluate each special vendor and make sure they're still not actually setting cookies. That would be a hassle.

bretg avatar Jun 21 '22 17:06 bretg