TCF 2.0 Functional Requirements

[ppuviarasu]

Prebid Mobile supports the IAB Europe Transparency & Consent Framework (the “Framework”).
This is a reference for mobile app publishers using Prebid Mobile to surface notice, transparency and choice to end users located in the EEA and signal approved vendors and, where necessary, pass consent, to demand sources and their vendors.

The key goal of PrebidMobile is to help publishers pass on the TCF values to the demand partners. Publishers can use any IAB approved Consent Management framework to set the TCF values. PrebidMobile must provide publishers the ability to
Read the stored TCF string
Send the TCF string

The consent API's will check for TCF2.0 params (IABTCF_gdprApplies & IABTCF_TCString). If the parameters are not available then fall back to TCF1.1 parameters (IABConsent_SubjectToGDPR & IABConsent_ConsentString)

TCF 2.0 introduced new parameters IABTCF_PurposeOneTreatment that needs to be parsed by the vendors. PurposeOneTreatment is a flag that indicates whether purpose1 (“Device Storage & Access”) was granted by the user via “affirmative express unambiguous consent” (PurposeOneTreatment = 0), or whether Purpose1 was not disclosed to the user (PurposeOneTreatment = 1). This is a technical reflection of a political reality: those in Germany and the Nordic countries have differing laws whereby the publishers feel they do not need to disclose PurposeOne, like the rest of the countries do.

When a request is defined to be GDPR in-scope, the SDK must confirm that the ‘deviceAccessConsent’ flag is true. Here’s the truth table for when the SDK is allowed to access the device ID: https://docs.google.com/document/d/1fBRaodKifv1pYsWY3ia-9K96VHUjd8kKvxZlOsozm8E/edit#heading=h.wjk7zfwgo1a2

 
The OpenRTB interface to Prebid Server should remain the same:
regs.ext.gdpr
user.ext.consent

"user" : {

"ext" : {

"consent" : "testGDPR"

},
},

"regs" : {

"ext" : {

"gdpr" : 1

}
}