The General Data Protection Regulation (GDPR) and ePrivacy directive, created to protect European Union (EU) and United Kingdom (UK) data subjects' right to privacy and protection of their personal data, took effect on May 25, 2018. If users fall under the jurisdiction of the GDPR, it is the publisher's responsibility to provide users with the option to consent to specific uses of their data under the GDPR. The GDPR applies if users:
Are located in the EU or UK
Offer services to individuals located in the EU or UK
Monitor the behavior of individuals located in the EU or UK
In light of these regulations, the Interactive Advertising Bureau (IAB) created the Transparency and Consent Framework (TCF) to help all parties in the digital advertising chain to communicate in a unified manner and comply with these regulations when processing personal data or accessing and or storing information on a user's device.
The IAB Europe acts as the guardian for the TCF and oversee standardized protocol for ad transactions. The collection form implemented by the publishers to the consumers is known as the Consent Management Platform (CMP). The CMP creates a consent string that can be shared with declared downstream vendors that consumers have opt-in for data processing during ad delivery.
As a vendor, according to the TCF, Synamedia:
Is registered with IAB and is listed in the TCF v2 Global Vendor List (JSON): Synamedia Vendor ID: 1174
Has implemented a tenant wide TCF support for the operators to enforce their GDPR adherence.
Has implemented the GDPR parameters and Macros for the publishers to pass to their viewers' consent settings.
Based on the signal received and the GDPR parameters, a subscriber is served personalized or non-personalized ads. For more information, see IAB's Transparency and Consent Framework v2.0 and associated links.
In the IAB Transparency and Consent Framework, the following GDPR parameters are described:
gdpr: This indicates whether or not the ad request is subject to GDPR regulations Possible values: 0/1. The GDPR Macro will be populated with the GDPR tenant's configuration value. For example, GDPR=1 if tenant is configured as GDPR compliant; otherwise, the value will be 0.
gdprconsent: This is to pass in the 'URL-safe and base64-encoded GDPR consent string'. This consent string encodes the consented-to purposes and vendor consent string, as obtained from the CMP JS API or OpenRTB.
If the advertiser uses a third-party tag for ad delivery or tracking, then Synamedia Iris must check the consent string to validate whether the vendor and Synamedia is having sufficient consent from the user. Synamedia will serve personalized ads when all of the following criteria are met. The user grants Synamedia consent to the following:
Store and/or access information on a device
Create a personalized ads profile
Select personalized ads
Legitimate interest is established (or consent is granted, when a publisher configures their CMP to use publisher restrictions to request consent for Synamedia) for Synamedia to perform the following:
Select basic ads
Measure ad performance
Apply market research to generate audience insights
Develop and improve products
