Feature request: suppress sync calls with macros from non-consented vendors

[patmmccann]

IAB Europe believes 'the spec clearly says the call should be suppressed in the case the macro cannot be resolved'; while I was unable to find that, that is definitely their policy.

Related: InteractiveAdvertisingBureau/Global-Privacy-Platform#60

Originally posted by @patmmccann in #2380 (comment)

${GPP_STRING_XXXXX} is designed to suppress calls to non-mspa signatories in the case of a covered mspa transaction

[bretg]

Not clear to me what this means in the Prebid Server world:

• I believe the purpose of these macros is to let the redirector get the GVLID which might not be available.
• PBS already has the GVLID for the syncer in the config.
• PBS defines its own syncs and since we already know the GVLID, the ${GDPR_STRING_XXX} is not used in any bidder sync. PBS defines syncs with {{gdpr}} - we never define a sync macro using the ${} syntax.
• PBS never resolves ${} macros in ad markup
• Both the /cookie_sync and /setuid endpoint support taking the GDPR string and parsing for vendor permission, matching against the configured bidder GVLID.

The part I'm unclear on is how this applies to GPP. There's no generally available vendor ID like there is for GDPR/TCF. Seems to me like we're dancing around requiring that Prebid understand which vendors are MSPA signatories or not. This is definitely we can do if we need to take separate action.

PBS will never see or resolve ${GPP_STRING_XXXXX} or ${GDPR_STRING_XXXXX}

[bretg]

In addition to the ${} macro not existing in PBS, publishers have account-level control over the syncUser activity.