Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Vendors with flexible consent and no purpose are not encoded properly

See original GitHub issue

Version v1.2.1

Module (core, cmpapi, cli, stub, or testing) @iabtcf/core

Describe with reproduction steps – What is the expected behavior? This vendors has this declaration in the last IAB json file (v88)

    "278": {
      "id": 278,
      "name": "Integral Ad Science, Inc.",
      "purposes": [],
      "legIntPurposes": [
        7,
        10
      ],
      "flexiblePurposes": [
        7,
        10
      ],
      "specialPurposes": [
        1
      ],
      "features": [],
      "specialFeatures": [],
      "policyUrl": "https://integralads.com/privacy-policy/",
      "cookieMaxAgeSeconds": null,
      "usesCookies": false,
      "usesNonCookieAccess": false
    },

When I use that file to encode the iabString, I’ve got this for instance:

CPFuoilPFuoilAtABBFRBYCsAP_AAH_AAAAAHwtf_X__b39j-_59__t0eY1f9_7_v-0zjhfdt-8N2f_X_L8X42M7vF36pq4KuR4Eu3LBIQNlHOHUTUmw6okVrTPsak2Mr7NKJ7LEinMbe2dYGHtfn91TuZKYr_78_9fz__-__v___9f3r-3_3__59X---_e_V399zLv9__3-B7oBJhqXwAWYljgyTRpVCiBCFYSHQCgAooBhaJrCBlcFOyuAj1BAwAQmoCMCIEGIKMWAQACAQBIREBIAeCARAEQCAAEAKkBCAAiYBBYAWBgEAAoBoWIEUAQgSEGRwVHKYEBEi0UE9lYAlF3saYQhlFgBQKP6KjARKEECwMhIAAAA.YAAAAAAAAAAA

When I decode,

The vendors 278 is false, and legitimate is true.

*** Expected *** The vendors 278 is true, and legitimate is true.

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:5

Top GitHub Comments

1reaction

dmdabbscommented, Aug 10, 2021

Hello @vincent-ogury.

*** Expected ***
The vendors 278 is true, and legitimate is true.

A vendor can declare their flexibility in legal basis, but the signals (and what is disclosed to the user) can always only have one basis for the same purposes. So the signals you saw were appropriate. IAS declared those two purposes with legitimate interest basis, but flexibly. I refer you to the specification section about Publisher Restrictions:

https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20Consent%20string%20and%20vendor%20list%20formats%20v2.md#what-are-publisher-restrictions cc: @shortaflip

0reactions

shortaflipcommented, Aug 16, 2021

Given the reply by dmdabbs, I am closing the ticket.

Top Results From Across the Web

Google IAB TCF 2.0 Error Codes and Guidance

Error Description Suggested Action 6.1 TC string version is 1 or 1.1 (v1.0 string). CMP should send TCF v2.0 strings. 7.8 TC string version field...

GDPR-Transparency-and-Consent-Framework/IAB Tech Lab ...

Vendors that declared a purpose with a default legal basis (consent or legitimate interest respectively) but also declared this purpose as flexible must...

Integration with the IAB TCF v2.0 - Campaign Manager 360 Help

This allows Campaign Manager 360, Search Ads 360, and Display and Video 360 to receive and pass on TCF v2.0 user permissions, which...

OAuth JWT: Granting Consent - DocuSign

Before your client ID (integration key) can be used to obtain an access token for a user, the user must grant the client...

Global Privacy Platform - IAB Tech Lab

Established in 2014, the IAB Technology Laboratory (Tech Lab) is a non-profit ... Privacy Platform (GPP) architecture which will enable data use ......