An important aspect in the privacy obligations you may have towards your users is the acquisition and conveyance of user choices over how their personal data may be used (i.e., “purposes”) and by whom (i.e., “companies”).
Adobe provides you with the means to manage and communicate your users’ privacy choices through the Opt-in functionality and through IAB Transparency and Consent Framework (TCF) support.
This article describes the Audience Manager use cases that support the IAB TCF and how to implement IAB TCF support in Audience Manager.
Audience Manager is registered in the IAB TCF with the vendor ID 565.
The Audience Manager Plug-in for IAB TCF utilizes the Opt-in functionality, which is, in turn, part of the Adobe Experience Platform Identity Service (ECID) library.
As a Publisher or Advertiser working with Audience Manager, you are able to convey user choices to Audience Manager as per IAB TCF.
IAB TCF regulations apply only to visitors located in the European Economic Area.
Audience Manager helps you respect your users’ privacy choices and also provides you with an easy way to communicate these choices to all the partners you work with.
Currently, Audience Manager does not support:
Customers who are upgrading their Audience Manager Plug-in for IAB TCF implementation from IAB TCF v1.1 to IAB TCF v2.0, or enabling IAB TCF v2.0 for the first time, should all follow the same guidelines on prerequisites and implementation as described below.
Audience Manager supports IAB TCF v2.0.
IAB TCF v1.1 support will end on August 15th, 2020.
Customers who wish to continue using the Audience Manager Plug-in for IAB TCF for consent management should upgrade to the latest version of ECID for continued support.
After upgrading to the latest ECID version, IAB TCF v1.1 consent strings will no longer be supported, so make sure to update your CMP before upgrading to the latest ECID version.
You must meet the following prerequisites to use the Audience Manager Plug-in for IAB TCF with Audience Manager:
If you are using a Consent Management Platform (CMP) that does not support IAB TCF v2.0, Audience Manager will automatically send the `gdpr=0` parameter in ID syncs, even if your visitors are in the European Union. To determine if your GDPR validation is active, we recommend that you confirm with your Consent Management Platform (CMP) that they support IAB TCF v2.0.
To enable the IAB TCF support in Audience Manager, read our documentation on how to set up IAB with Opt-in.
The easiest way you can do this is by using Adobe Experience Platform Tags to add ECID Opt-in on your properties. Read the documentation for the ECID Opt-in extension to learn how to set up the Tags extension.
When visiting a web property, your users can provide their choices regarding how their data is to be used by the publisher and by the third-party vendors that the publisher works with.
Users provide their choices in the form of consent and legitimate interest for the IAB purposes to third-party vendors registered in the global vendor list.
The image below represents an example of a CMP dialogue, displayed to a first-time visitor of a website. Keep in mind that this dialogue can look very different, based on customer implementation.
Details on the various purposes and permissions included in IAB TCF v2.0 are covered in the IAB Europe Transparency & Consent Framework Policies.
Users may grant their consent or legitimate interest (if available) for a combination of purposes and vendors. For example, users could grant their consent for storing information on a device, developing and improving products, and grant their consent to all third-party vendors displayed by the CMP.
Or, in another example, they could grant their consent or legitimate interest for all purposes but only grant consent or legitimate interest to a few of the vendors displayed by the CMP.
Once the user selects their privacy choices, the user choice(s) are recorded in the IAB TC string. The IAB TC string stores the combination of approved purposes and vendors, along with other metadata information (see the IAB page for more information).
Every vendor registered in the IAB TCF evaluates the IAB TC string and makes decisions based on the users’ privacy choices. Keep in mind that the users’ privacy choices are valid across all vendors registered with IAB TCF.
Audience Manager evaluates the users’ choices stored in the IAB TC string for the following purposes, defined in the IAB Europe Transparency & Consent Framework Policies.
Audience Manager needs consent for Purpose 1 and Purpose 10, plus vendor consent, in order to deploy cookies and initiate or honor ID syncs.
Per IAB regulations, Special Purpose 1 (Ensure security, prevent fraud, and debug) is always consented to, and users cannot object to it.
Audience Manager works differently depending on whether the IAB TC string includes user consent for the two purposes (store and/or access information on a device, and develop and improve products) or not.
We also check for user consent for all the destinations that you work with in Audience Manager, as long as those destinations are registered with IAB TCF.
When your user provides consent, Audience Manager: | When your user declines consent, Audience Manager: |
---|---|
|
|
By implementing the Audience Manager Plug-in for IAB TCF, you are not required to maintain custom code for consent management on your web properties via a different mechanism with Adobe or other third-party vendors. The use case is described in the image and in the steps below. Start from the left of the image:
`isIabContext=true`). See Recommendations and how to implement.
`gdpr = 1`) and whether there is a CMP, registered with IAB TCF, on your web property. For example, this would apply to users visiting from the European Union. Note that it is your responsibility as a publisher to set the GDPR flag.
`gdpr_consent` parameter, for the required consent. Audience Manager needs consent for storing and/or accessing information on a device (IAB TCF purpose 1), developing and improving products (IAB TCF purpose 10), plus Audience Manager vendor consent to store, process, or activate data.
If you are working with Audience Manager destination partners who require IAB TCF parameters, but you do not have a CMP that supports IAB TCF on your website, then Audience Manager sends `gdpr=0` in ID syncs. This means that GDPR does not apply to those users.
If that is not desired, you should enable the IAB TCF functionality in Audience Manager to send the appropriate IAB TC strings to the destination partners.
Audience Manager evaluates and honors consent passed in pixel calls, in accordance with the IAB TCF.
Pixels may be placed by Audience Manager customers on their partner pages or they are placed in ad servers to include in the ad response. In the first case, your partner must programmatically retrieve the consent parameter and add it to the pixel before firing. In the second case, which is more common and is described in detail below, ad servers append the consent parameters they receive from the Supply-Side Platform (SSP) or publisher ad servers to all pixels.
Audience Manager uses two parameters to pass user consent in pixel calls:
- `gdpr` can be 0 (GDPR does not apply) or 1 (GDPR applies);
- `gdpr_consent` is the URL-safe base64-encoded GDPR consent string (see specification).
A sample call for an impression pixel, with the two parameters, could look like below:
`https://yourcompany.demdex.net/event?d_event=imp&gdpr=1&gdpr_consent=consentstring&d_src=datasource_id&d_site=siteID&d_creative=creative_id&d_adgroup=adgroup_id&d_placement=placement_id`
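The consent check described above (Purpose 1, Purpose 10, and vendor consent for vendor ID 565), applied to the `gdpr_consent` value of a pixel call. This is an added example, not Adobe code: it assumes the TCF v2.0 core-segment bit layout, and the hypothetical `buildSample` helper constructs test strings with all metadata fields zeroed.

```javascript
const AAM_VENDOR_ID = 565;          // Audience Manager's vendor ID, as stated on this page
const REQUIRED_PURPOSES = [1, 10];  // purposes this page lists as required
const readInt = (bits, start, len) => parseInt(bits.slice(start, start + len), 2);

// Decode the core segment (text before the first ".") from URL-safe base64 into a bit string.
function tcBits(tcString) {
  const core = String(tcString).split(".")[0].replace(/-/g, "+").replace(/_/g, "/");
  return Array.from(Buffer.from(core, "base64"), (b) => b.toString(2).padStart(8, "0")).join("");
}

function vendorConsented(bits, vendorId) {
  if (vendorId > readInt(bits, 213, 16)) return false;          // above MaxVendorId
  if (bits[229] === "0") return bits[229 + vendorId] === "1";   // bitfield encoding
  let pos = 242;                                                // entries follow 12-bit NumEntries
  for (let n = readInt(bits, 230, 12); n > 0; n--) {
    const isRange = bits[pos] === "1";
    const start = readInt(bits, pos + 1, 16);
    const end = isRange ? readInt(bits, pos + 17, 16) : start;
    if (vendorId >= start && vendorId <= end) return true;
    pos += isRange ? 33 : 17;
  }
  return false;
}

// True only for a TCF v2 string carrying Purpose 1, Purpose 10 and vendor 565 consent.
function hasRequiredConsent(tcString) {
  const bits = tcBits(tcString);
  if (bits.length < 230 || readInt(bits, 0, 6) !== 2) return false; // malformed or not v2
  const purposesOk = REQUIRED_PURPOSES.every((p) => bits[151 + p] === "1");
  return purposesOk && vendorConsented(bits, AAM_VENDOR_ID);
}

// Constructed sample data: encode a v2 core segment with the given consents.
function buildSample(purposes, ranges, maxVendor, asRange) {
  const bin = (n, len) => n.toString(2).padStart(len, "0");
  const flags = (len, on) => Array.from({ length: len }, (_, i) => (on(i + 1) ? "1" : "0")).join("");
  const vendors = asRange
    ? "1" + bin(ranges.length, 12) + ranges.map(([s, e]) => (s === e ? "0" + bin(s, 16) : "1" + bin(s, 16) + bin(e, 16))).join("")
    : "0" + flags(maxVendor, (id) => ranges.some(([s, e]) => id >= s && id <= e));
  let bits = "000010" + "0".repeat(146) + flags(24, (p) => purposes.includes(p))
    + "0".repeat(37) + bin(maxVendor, 16) + vendors;
  bits += "0".repeat((8 - (bits.length % 8)) % 8);
  const bytes = bits.match(/.{8}/g).map((b) => parseInt(b, 2));
  return Buffer.from(bytes).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

const pixel = new URL("https://yourcompany.demdex.net/event?d_event=imp&gdpr=1&gdpr_consent="
  + buildSample([1, 10], [[565, 565]], 600, false));
console.log(hasRequiredConsent(pixel.searchParams.get("gdpr_consent")));
```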
The use case is described in the image and in the steps below. Start from the left of the image:
`gdpr` and `gdpr_consent` variables in pixel calls.
`gdpr` and `gdpr_consent` variables in pixel calls.
`gdpr` and `gdpr_consent` variables in pixel calls.
The Audience Manager Plug-in for IAB TCF enables you to forward the IAB TC string to activation partners while respecting users’ privacy choices. For information on which activation partners support IAB TCF, refer to our list of device-based destinations.
The Audience Manager integration with IAB TCF v2.0 supports the appending of consent to information sent to URL destinations that are integrated with IAB TCF v2.0. However, this process is not done automatically by Audience Manager, to avoid breaking specific URL formats.
Customers who wish to append consent to data sent to URL destinations must manually add the `${GDPR}` and `${GDPR_CONSENT_XXXX}` macros to their URL format, replacing `XXXX` with the destination partner ID.
Example: `https://yourdomain.com?gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_1234}`.
See Destination Macros Defined for more details about the supported destination macros.
The Audience Manager Plug-in for IAB TCF automatically opts out the IDs present on a request, when your site visitors do not provide the appropriate permissions. If the request contains a cross-device ID (CRM ID), Audience Manager opts out the ID, together with the last device linked to that cross-device ID (CRM ID).
To test that you have correctly implemented the Audience Manager Plug-in for IAB TCF, read Use Case 4 in Validating Opt-in Service.
Another privacy option at your users’ disposal is the ability to opt out of all data collection. Adobe provides users with the means to do so within the Your Privacy Choices page.
Audience Manager addresses opt-out requests in a separate article in our documentation.
Users who are opted out of all data collection after they decline consent cannot be opted back in.
Order of Precedence - If your user opts out of data collection using a global opt-out tool, as described in the link above, this takes precedence over the opt-in and IAB verifications.