GDPR Consent

This document describes specific integration instructions to ensure compliance with the European Union's General Data Protection Regulation (GDPR).

Setting Consent and Regulatory Parameters

There are required parameters that can be passed in the consent object on the ADR that will set consent within Kevel, declare a user subject to GDPR or pass consent to downstream providers. The parameters are available for both the Decision API and ados.js.

Parameter	Type	Description	Example
`gdprConsentString`	string	Passes a user's consent to downstream providers via an IAB consent string. Does not pass Kevel consent, which must be passed via the `gdpr` parameter OR when an allowed `gdprVendorId` is passed and the user specifies ad selection consent (purpose number `3`) in the consent string. `gdprConsentString` will be passed to downstream providers regardless of whether the request's IP address originates from the EU.	"ALONGSTRINGGOESHERE"
`gdprConsentRequired`	boolean	Requests with `gdprConsentRequired` set to `true` treat the user as requiring GDPR consent, even if the request or UserDB record doesn't use an EU IP address. Likewise, setting to `false` identifies the user as being outside of the EU and not subject to GDPR.	`true`
`gdprVendorId`	integer	A vendor ID that is used to compute the boolean `gdpr` consent from a consent string in `gdprConsentString` (if one is provided). The vendor ID is from the IAB vendor list. Consent will only be calculated if the vendor ID is allowed and the user specifies ad selection consent (purpose number `3`) in the consent string.	`1234

Parameter

Type

Description

Example

gdprConsentString

string

Passes a user's consent to downstream providers via an IAB consent string. Does not pass Kevel consent, which must be passed via the gdpr parameter OR when an allowed gdprVendorId is passed and the user specifies ad selection consent (purpose number 3) in the consent string.

gdprConsentString will be passed to downstream providers regardless of whether the request's IP address originates from the EU.

"ALONGSTRINGGOESHERE"

gdprConsentRequired

boolean

Requests with gdprConsentRequired set to true treat the user as requiring GDPR consent, even if the request or UserDB record doesn't use an EU IP address. Likewise, setting to false identifies the user as being outside of the EU and not subject to GDPR.

true

gdprVendorId

integer

A vendor ID that is used to compute the boolean gdpr consent from a consent string in gdprConsentString
(if one is provided). The vendor ID is from the IAB vendor
list. Consent will only be calculated if the vendor ID is allowed and the user specifies ad selection consent (purpose number 3) in the consent string.

`1234

The requests below are examples of the consent strings being used to set regulations and derive GDPR consent:

gdprConsentRequired is true, which indicates that the user is subject to GDPR regulation and therefore consent defaults to false. However, the request passes the user's gdprConsentString and the applicable gdprVendorId, and the consent string contains ad serving consent for that allowed vendor ID. Kevel will calculate GDPR consent to true.

## Decision API

{
  "consent": {
    "gdprConsentRequired": true,
    "gdprConsentString": "EXAMPLESTRING",
    "gdprVendorId":1234
  },
  "placements": [
    {
      "divName": "div1",
      "networkId": 1234,
      "adId": 12345,
      "siteId": 12345,
      "adTypes": [
        5
      ]
    }
  ]
}


## ados.js

<script type="text/javascript">
2    var ados = ados || {};
3    ados.run = ados.run || [];
4    ados.run.push(function() {
5      ados_add_placement(1234, 123456, "azk829044", 5);
6      ados_setConsent({gdprConsentRequired: true,gdprConsentString: "EXAMPLESTRING","gdprVendorId":1234});
7      ados_load();
8    });