Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the Global Privacy Control signal to the OpenRTB extensions #98

Open
AramZS opened this issue Apr 8, 2022 · 1 comment
Open

Add the Global Privacy Control signal to the OpenRTB extensions #98

AramZS opened this issue Apr 8, 2022 · 1 comment

Comments

@AramZS
Copy link

AramZS commented Apr 8, 2022

The Global Privacy Control is a specification that allows users to--at the browser or browser extension level--specify their preference to opt out of their data collection and into the available privacy regime that might support such a request. According to the specification:

the use of the GPC signal by an individual will be intended to communicate the individual's intention to invoke the following rights, as applicable:

  • Under the CCPA, the GPC signal will be intended to communicate a Do Not Sell request from a global privacy control, as per [CCPA-REGULATIONS] §999.315 for that browser or device, or, if known, the consumer.

Where the GPC signal conflicts with the existing privacy settings a consumer has with the business, the business shall respect the GPC signal but may notify the consumer of the conflict and give the consumer an opportunity to confirm the business-specific privacy setting or participation in the financial incentive program [CCPA-REGULATIONS] §999.315(c)(2).

While still experimental, GPC could potentially be used to indicate rights in other jurisdictions as well.

Currently the California AG has stated that the GPC signal is a legitimate way to state a Do Not Sell directive under CCPA and as such the primary use for most publishers will be to read the GPC signal and use it to set the preexisting USPAPI signal. However, not all publishers may decide to do this, some may not know to, and some may have legal interpretations that state otherwise.

Additionally, downstream consumers of the OpenRTB signal may decide through their own legal analysis that GPC applies more broadly than just to California residents. At this time, there is no way to enable anyone outside of the publisher who is involved in the bidstream to make such a decision, since the GPC signal--while present on the network request as a header--may not be present on the signals passed through servers and other systems in the form of the OpenRTB objects.

By adding GPC to the OpenRTB spec in the form of an extension, it will enable other bidding system participants to make their own decision as to if they wish to apply a stricter standard of privacy.

@patmmccann
Copy link
Contributor

@AramZS this just got merged at Prebid

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants