Video SSP and GDPR

Video SSP complies with the General Data Protection Regulation (GDPR). Our compliance is delivered through adoption of the IAB Transparency and Consent framework (TCF).

One of the requirements of theTCF is to support the passing of user consent preferences throughout the advertising ecosystem. This can be done via macros in ad tags and URL-based services, including VidVideo SSP’s ad tags for Marketplace Connections and Inventory Sources.

We support two macros.

Macro Macro Type Definition Expected Input
gdpr Boolean This value indicates whether or not user is subject to GDPR.

0 = user is not subject to GDPR, 1 = user is subject to GDPR

gdpr_consent String This string represents a user’s consent preferences. The construction and encoding is defined in the IAB TCF.

base64 encoded web safe string, generated by a Consent Management Provider (CMP)

These macros are populated with data from an IAB framework-compliant Consent Management Provider (CMP).


Note: GDPR became effective May 25, 2018. Ad tags that include the consent information macros should have been implemented at that time. For additional information reach out to your account manager.

RTB integration guide

The RTB integration guide provides technical details for developers and sales engineers regarding supported Video SSP RTB API specifications.

See the Video SSP Technical Requirements for Integration Guide (must be logged in to view) for full details.

User Object

Object Name Included Type Description
ext when available object Our platform will include “consent” extension to comply with GDPR (see below).


User Object Extension

Object Name Included Type Description
consent when available string Encoded value of the user consent. Base 64 web safe. Our platform would only pass the consent string if regs.ext.gdpr=1 and Verizon Media has been provided vendor level consent by the user.

User Syncing

There are two methods of user syncing, Push or Pull. The DSP may choose to do either or both.

Push Method (When DSP initiates the user sync URL)

The account team provides the full user syncing URLs. The buyer sends an HTTPS request from the user’s browser to a User Sync URL with these parameters:[DSP_USER_ID]&_origin=1&gdpr=[GDPR_JURISDICTION]&gdpr_consent=[consent_str_based_on_iab_specification]


Parameter Included Type Description
uid always string The DSP should substitute DSP_USER_ID with their unique user ID for the user that the request originates from. The maximum length for the DSP_USER_ID is 128 characters. The DSP must specify the Time To Live (TTL) or expiration of the user ID, after which time our platform will no longer use the ID when sending bid requests
origin optional Boolean 0 = Verizon Media Video SSP initiated user sync. 1 = DSP initiated user sync.
gdpr always Boolean

0=GDPRdoes not apply. 1=GDPRapplies. Video SSP adheres to the IAB Tech Lab - GDPR consent passing for URL-based services.

gdpr_consent when available string URL-safe base64-encoded GDPR consent string.
Only meaningful if gdpr=1

The HTTPS request returns a response code 204 (No Content) with an empty body.

Pull Method (When Video SSP initiates the user sync URL)

Our client code sends an HTTPS request from the user’s browser to a URL specified by the DSP. Video SSP appends the following parameters to the DSP’s User Sync URL.


The DSP should then return a 302 redirect, the redirect URL is the User Sync URL provided below with origin=0.[DSP_USER_ID]&_origin=0&gdpr=[GDPR_JURISDICTION]&gdpr_consent=[consent_str_based_on_iab_specification]

Please reference the parameters table above.


Video SSP will not initiate a user sync request in the following cases:

  • First or third party jurisdiction is in the EU, and first or third party consent shows no consent.
  • First or third party jurisdiction is in the EU, and first or third party consent is missing.

We require all DSP partners to follow the same GDPR logic.

Regs Object

The Regs object contains the COPPA flag, which signals whether or not the request falls under the United States Federal Trade Commission’s (USFTC) regulation for Children’s Online Privacy Protection Act.


Object Name Included Type Description
coppa always integer Flag indicating whether or not the request falls under COPPA regulation as established by the US FTC.
0 = no, 1 = yes.
ext when available object Our platform includes “gdpr” extension to be compliant with GDPR.


Regs Object Extension

Object Name Included Type Description
gdpr always Boolean GDPR value sent, 1= user is from Europe, 0= user is NOT from Europe.


PMP Object and Deal ID Sample Bid Requests