Transparency and Consent Framework 2.0 (EU)

This article describes Basis' behavior and technical requirements only. It is not a substitute for legal advice. You may have additional obligations to ensure that you are complying with the regulations discussed below, and should consult your own legal counsel for advice.

The European Union (EU) has privacy regulations, including the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications (ePrivacy Directive, or ePD), that require special consideration for online advertising.

As a result, the only lawful basis that Basis relies on for handling personal data in EU is consent. To determine consent, Basis implements the Interactive Advertising Bureau (IAB)'s Transparency and Consent Framework (TCF) 2.0.

This impacts DSP operations in the following areas:

Bidding

If a bid request comes with a TCF string indicating appropriate consent for Basis, we operate as usual. Otherwise, functionality that requires a user ID or other personal data is disabled. The following features require personal data:

  • First-party audience targeting

  • Third-party audience targeting

  • Frequency capping

  • Cross-device

  • Reach/frequency measurement

  • Conversion attribution

Audience, Conversion, and Universal Pixels

Unless we can determine that the user has granted consent to Basis, the following operations are turned off and no data is collected:

  • Audience

  • Conversion

  • Universal pixels

Using a consent management platform (CMP) compatible with IAB's TCF v2.0 on your site lets users consent to data collection by Basis. The two ways to pass Basis the necessary information to determine if there is appropriate consent are through a universal pixel script or query string parameters.

Universal Pixel Script (Recommended)

The Universal Pixel script interacts with the CMP using the TCF CMP API. It queries the CMP to determine the user's consent status and sends that information with the request back to Basis' servers. If you use the universal pixel script to collect audience or conversion data and have a CMP correctly installed on your site, you do not need to perform any further setup steps.

Query String Parameters

You can manually pass consent information to Basis using query string parameters. Audience, conversion, and universal pixel URLs support gdpr and gdpr_consent parameters:

  • gdpr: Use a 0 or 1 to indicate that GDPR does not or does apply for this event. Regardless of sending gdpr=0, Basis checks geolocation and applies GDPR rules if it appears that the user is in the EU.

  • gdpr_consent: Provide a TCF v2.0 consent string.

For example, you might deploy an image pixel like this, where the gdpr and gdpr_consent parameters are dynamic based on the status for the current user:

Copy
<img src="https://pixel.sitescout.com/iap/j1a4032851d5411h?gdpr=1&gdpr_consent=CPVV5s7PVV5s7AcABBENCFCgALAAAE_AAChQG7wIoAFAAWAA0ADMAIAAhABcADIAGgARQAkwBMAE4AKAAUgAtwCDAIQAR0AowClAFaAQCAg4CEAEdAJ2AUkAsQBdQDAgHVAP0AjUBJwC0QF5gMZAZYA3cDL4D0ACgALAAzACAAIQAXAAyABoAEWAJgAmgBQACkAIQARwAowBSgCtAIBAQcBCACLAE7ALEAXUAwIB1QEnALRAXmAwQBjIDLAGXgIBQBAACgAoABSAFaAQgAnYC0QGMhAAwADQAkgBOAC2AKQAsQaAEAQAA6oiAEAQAA6ooAIAA0ADIApAD9CwAQArQFojAAQAGQBSDQAIArR4AgABQATQAoABSAFaATsBaIDGRwAkABoASQAnABbAEIAKQApIB-gEQEAAgADQBSAFJAP0RABABNAFaSACAANAEIAKQA_RMAKAE0AKAAUgBWgMZKABwAGgBJAEIAKSAg4CEAH6ARqVACABNACgAK0BjIAA.dgAACfgAAAAA" width="1" height="1" style="position: absolute; left: -150px;" />

Your CMP or tag manager might support the use of macros to pass this information. As an example:

Copy
<img src="https://pixel.sitescout.com/iap/j1a4032851d5411h?gdpr=${GDPR}&gdpr_consent={$GDPR_CONSENT}" width="1" height="1" style="position: absolute; left: -150px;" />

Consult your CMP or tag manager documentation for more information, or speak with the developer who implemented it on your site.

QA – Chrome

You can use the browser’s developer tools to watch for the request that represents data being sent to Basis.

To check if consent parameters are passing correctly in Chrome:

  1. In Google Chrome, select Chrome’s Menu icon > More tools > Developer tools (Ctrl+Shift+I) on the page with your pixel on it to open the Developer tools panel.

  2. Select the Network tab.

  3. Filter activity results for pixel.sitescout.

  4. In a properly functioning implementation, you should see:

    • Your website doesn't make this request until the EU user visiting the site has given consent via the CMP.

    • The URL contains the gdpr and gdpr_consent parameters and they are set correctly, for example gdpr=1 if EU, and gdpr_consent contains a valid TCF 2.0 consent string containing consent for Basis. You can use an online tool to decode a TCF 2.0 consent string, validate it, and check content accuracy.

The site owner determines if consent gathering is enforced globally or only for EU users. If consent gathering is set only for EU users, then the customer must access the pixel through either a device located in the EU or a VPN service so that they appear to be in the EU in order to observe the behavior above.