Transparency and Consent Framework 2.0 (EU)
This article describes Basis' behavior and technical requirements only. It is not a substitute for legal advice. You may have additional obligations to ensure that you are complying with the regulations discussed below, and should consult your own legal counsel for advice.
The European Union (EU) has privacy regulations, including the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications (ePrivacy Directive, or ePD) that require special consideration for online advertising.
As a result, the only lawful basis upon which that Basis relies for handling personal data in EU is consent. To determine consent, Basis implements the Interactive Advertising Bureau (IAB)'s Transparency and Consent Framework (TCF) 2.0.
This impacts DSP operations in the following areas:
Bidding
If a bid request comes with a TCF string indicating appropriate consent for Basis, we operate as usual. Otherwise, functionality that requires a user ID or other personal data is disabled. We do not make a bidding decision requiring it, including the following features:
-
First-party audience targeting
-
Third-party audience targeting
-
Frequency capping
-
Cross-device
-
Reach/frequency measurement
-
Conversion attribution
Audience, Conversion, and Universal Pixels
Unless we can determine that the user has granted consent for Basis, audience, conversion, and universal pixels are disabled; data is not collected.
Ensure that you have a consent management platform (CMP) compatible with IAB's TCFv 2.0 installed on your site, presenting the option to users to consent to data collection by Basis.
There are two ways to pass us the necessary information for Basis to determine that there is appropriate consent:
Universal Pixel Script (Recommended)
The Universal Pixel script interacts with the CMP using the TCF CMP API. It queries the CMP to determine the user's consent status, and sends that information with the request back to Basis' servers. If you use the Universal Pixel Script to collect audience or conversion data, and have a CMP correctly installed on your site, you do not need to perform any further setup steps. Everything should work automatically.
Query String Parameters
If you prefer to not use the Universal Pixel script, you can manually pass consent information to Basis. Audience, Conversion, and Universal Pixel URLs support "gdpr" and "gdpr_consent" parameters as follows:
-
gdpr: 0 or 1 to indicate that GDPR does not or does apply for this event. Regardless of sending gdpr=0, Basis checks geolocation and applies GDPR rules if it appears the user is in EU.
-
gdpr_consent: Provide a TCF v2.0 consent string here.
For example, you might deploy an image pixel like this, where the gdpr and gdpr_consent parameters are dynamic based on the status for the current user:
<img src="https://pixel.sitescout.com/iap/j1a4032851d5411h?gdpr=1&gdpr_consent=CPVV5s7PVV5s7AcABBENCFCgALAAAE_AAChQG7wIoAFAAWAA0ADMAIAAhABcADIAGgARQAkwBMAE4AKAAUgAtwCDAIQAR0AowClAFaAQCAg4CEAEdAJ2AUkAsQBdQDAgHVAP0AjUBJwC0QF5gMZAZYA3cDL4D0ACgALAAzACAAIQAXAAyABoAEWAJgAmgBQACkAIQARwAowBSgCtAIBAQcBCACLAE7ALEAXUAwIB1QEnALRAXmAwQBjIDLAGXgIBQBAACgAoABSAFaAQgAnYC0QGMhAAwADQAkgBOAC2AKQAsQaAEAQAA6oiAEAQAA6ooAIAA0ADIApAD9CwAQArQFojAAQAGQBSDQAIArR4AgABQATQAoABSAFaATsBaIDGRwAkABoASQAnABbAEIAKQApIB-gEQEAAgADQBSAFJAP0RABABNAFaSACAANAEIAKQA_RMAKAE0AKAAUgBWgMZKABwAGgBJAEIAKSAg4CEAH6ARqVACABNACgAK0BjIAA.dgAACfgAAAAA" width="1" height="1" style="position: absolute; left: -150px;" />Your CMP or tag manager might support the use of macros to pass this information. As a hypothetical example:
<img src="https://pixel.sitescout.com/iap/j1a4032851d5411h?gdpr=${GDPR}&gdpr_consent={$GDPR_CONSENT}" width="1" height="1" style="position: absolute; left: -150px;" />Consult your CMP or tag manager documentation for more information, or speak with the developer who implemented it on your site.