In this article we will break down the GDPR logic of the IAB Transparency and Consent Framework v2.0 and show how the AdServer deals with the different information.
The decision of the user on the website on which your code is installed/played out is decisive as to whether -> functions that require approval can be executed in your AdServer or not.
In order to be able to implement the user's consent with the AdServer, an IAB TCF v2-capable CMP, such as consentmanager.de, is required on the page so that the code from your AdServer can record this information and you can use the providers and functions accordingly or not. You can see how this transfer can take place here -> Transfer of consent information from a consent manager to AdSpirit
&gdpr=1 or 0 | 1 = GDPR applies to the user, e.g. user is located in the EU 0 = GDPR does not apply to the user, e.g. user is outside the EU |
&gdpr_consent=xxxxx | TC-string of the user according to IAB CMP Framework |
So how does the AdServer handle the different information:
USER | gdpr=0 | gdpr=1 | gdpr= not set | |
gdpr_consent=... Accepted | do anything | do anything | do anything | |
gdpr_consent=... Rejected | only consent free things | only consent free things | only consent free things | |
gdpr_consent=not set | EU | only consent free things | only consent free things | only consent free things |
non EU | do anything | do anything | do anything |
We have created some examples of the different combinations:
Condition: gdpr=0 or gdpr= not set
The system looks for the IP whether the user is in the EU or not. If the user is from EU then see also -> -> Condition: consent exists and -> Condition: Consent is not available
USER | gdpr=0 | gdpr=1 | gdpr= not set | |
gdpr_consent=... Accepted | do anything | do anything | do anything | |
gdpr_consent=... Rejected | only consent free things |
only consent free things | only consent free things |
|
gdpr_consent= not set |
EU | only consent free things | only consent free things |
only consent free things |
non EU | do anything | do anything | do anything |
Condition: gdpr=1
--> System does not check the IP and always follows what is entered in gdpr_consent=...
USER | gdpr=0 | gdpr=1 | gdpr= not set | |
gdpr_consent=... Accepted | do anything | do anything | do anything | |
gdpr_consent=... Rejected | nur Accepted Accepted s-freie Sachen | nur Accepted Accepted s-freie Sachen | nur Accepted Accepted s-freie Sachen | |
gdpr_consent= not set | EU | nur Zustimmungs-freie | only consent free things | only consent free things |
non EU | do anything | do anything | do anything |
Condition: consent exists gdpr_consent=CPcgfvAPcgfvAAfROBE...
--> the approvals/rejections are taken no matter what value was set for gdpr=
USER | gdpr=0 | gdpr=1 | gdpr= nicht vorhanden | |
gdpr_consent=... Accepted | do anything | do anything | do anything | |
gdpr_consent=... Rejected | only consent free things | only consent free things | only consent free things | |
gdpr_consent= not set | EU | nur Zustimmungs-freie | only consent free things | only consent free things |
non EU | do anything | do anything | do anything |
Condition: not set gdpr_consent=
--> have a look at -> gdpr=0 oder gdpr= not set oder -> gdpr=1 if there is no value for gdpr_consent, then it is treated like a rejection for the EU.
USER | gdpr=0 | gdpr=1 | gdpr= not set | |
gdpr_consent=... Accepted | do anything | do anything | do anything | |
gdpr_consent=... Rejected | only consent free things | only consent free things | only consent free things | |
gdpr_consent= not set | EU | nur Zustimmungs-freie | only consent free things | only consent free things |
non EU | do anything | do anything | do anything |