Using TCF with Prebid

Oct 13, 2021

πŸ“˜

Note

As of September 2021, global scope will no longer be supported per the recent TCF Policy and Technical Specifications. To view the formal notification, please refer to the IAB Europe PDF Notification and IAB Europe PDF Notification Update.

Some publishers use the application Prebid for header bidding on their sites. OneTrust, working as a Consent Management Provider (CMP), gathers consent from the user and writes consent strings defined by the IAB framework. OneTrust's configuration is compatible with sites that use Prebid.

In order to consider site visitor consent in header bidding auctions, Publishers must first complete the following steps:

  • Update Prebid to the latest version
  • Add the Consent Management - GDPR module when downloading the prebid.js JavaScript file.

Process

The module uses the following basic process:

  1. Fetch the site visitor's consent data from the CMP.

To load the TCF stub before the banner script loads, you need to add the following tag to the head section of your website, before any header bidding scripts.

<script src="https://cdn.cookielaw.org/consent/tcf.stub.js"" type="text/javascript" charset="UTF-8"></script>

You will not need to make any changes to the banner script tag. For an example, see Using TCF with Prebid.

πŸ“˜

Note

For new visitors, the CMP will respond only once to indicate there is consent information available (i.e. the user has made consent selections). Since this can take time, the module has a timeout setting. The CMP will be allotted a specified amount of time to operate before the timeout occurs and the operation fails.

If an error or timeout occurs, the auction will either be canceled or will proceed without the site visitor's consent selections.

Publishers can select either option through their implementation of the Prebid code, as appropriate for their sites.

  1. Prebid will incorporate the consent information into the auction objects (for adapters to collect) and then allow the auction to proceed.

Configuring Prebid

GDPR

You can configure your Prebid deployment with an IAB CMP by adding a consentManagement.gdpr configuration option.

GDPR Example

var pbjs = pbjs || {};
pbjs.que = pbjs.que || [];
pbjs.que.push(function() {
    pbjs.setConfig({
        consentManagement: {
            gdpr: {
                cmpApi: 'iab',
                timeout: 8000,
                defaultGdprScope: true
            }
        }
    });
});

If you do not collect consent for the entire IAB Global Vendor List, make sure to configure the IAB Vendor IDs corresponding to the bidders that you are working with through Prebid. If you collect consent of all IAB Vendors, then there is nothing further to configure.

CCPA

You can configure your Prebid deployment with an IAB CMP by adding a consentManagement.usp configuration option.

CCPA Example

var pbjs = pbjs || {};
pbjs.que = pbjs.que || [];
pbjs.que.push(function() {
    pbjs.setConfig({
        consentManagement: {
            usp: {
                cmpApi: 'iab',
                // US Privacy timeout 100ms
                timeout: 100 
            }
        }
    });
});

GDPR and CCPA Example

var pbjs = pbjs || {};
pbjs.que = pbjs.que || [];
pbjs.que.push(function() {
    pbjs.setConfig({
        consentManagement: {
            gdpr: {
                cmpApi: 'iab',
                // Suppress auctions if there's no GDPR consent string
                allowAuctionWithoutConsent: false, 
                // GDPR timeout 3000ms
                timeout: 3000  
            },
            usp: {
                // US Privacy timeout 100ms
                timeout: 100 
            }
        }
    });
});

For more information about how the ConsentManagement module from Prebid works, please see Prebid Website.