General CMP FAQs
It is the responsibility of the CMP to be the definitive source of truth for users’ consent choices on your site. All scripts loading on the page will check to understand what processing the user has consented to. For this reason, we strongly recommend loading the cmp3p.js file and corresponding initialization code at the top of the document head for the site, before any other scripts that may need to query the CMP. For most publishers, this is sufficient. If interested in other options that do not require synchronous loading of the script, additional options can be found here.
The CMP implements the IAB TCF technical specifications, which offer a standardized API (see CMP JS API in the Technical Implementation Guide Guide) for any client-side components to query a user’s consent preferences. Encourage your partners to support the IAB TCF and update their tags to call the GDPR’s API to check for consent. In some cases, your partners may not be running scripts on your page that can query the CMP directly.
When working with partners who cannot automatically query the CMP to get consent preferences, you have the option to write an adaptor module on your website that queries the CMP JS API to get the consent data, and then append the parameters to your partners’ tags or pixels directly. If such tags are not adjacent to your CMP integration code, if your site or CMS supports it, your adaptor can set global substitution macros that can be used to replace the values of these parameters dynamically when deployed elsewhere on your site.
Most likely yes, you will need to implement CMP JS on these pages, as downstream creatives and pixels may need to check for consent once injected into your pages.
The IAB TCF specifies iFrame communication to and from the GDPR JS be allowed via postMessage() or safeFrames. Full code sample provided by the IAB TCF.
UI/UX and Other Guidance FAQs
- Disclosures should sufficiently cover processing performed by you and the partners with whom you work as it pertains to user data. Describe specific data use and purpose clearly
- Display discloser prominently such that information is easily accessible in the consent UI.
Additionally, any screens where users grant consent should have an easily accessible list of partners or else a direct link to such a list. These disclosures and partner list should be accessible at the time of or before users grant consent.
Check with your partners to understand if they have any additional required disclosure policies.
For each text field in the consent UI, Verizon Media provides sample language that can be used as a guideline for the type of information to be presented to the user. Find this sample language in our Preview and Configuration tool.
Sample text is meant to be demonstrative but has been reviewed by Verizon Media’s Privacy team to ensure that we are setting sound examples in the spirit of compliance. However, every business has unique nuances. Thus, each publisher ultimately bears responsibility for the sufficiency of disclosures displayed to their consumers, and, as such, we strongly recommend that your privacy, product, and legal teams review all text before launching the CMP.
This is purely a publisher decision, though there are some considerations that may be helpful.
A modal experience effectively blocks users from viewing or interacting with your content until they have finalized their consent choices. While displayed, users cannot access background content on screen and cannot dismiss the UI before completing the forms in the consent flow. From a consumer experience perspective, this may be less favorable to end-users, which may lead to higher bounce rates. However, by using a modal experience, you can be assured that the users viewing the content and interacting with advertising on your site have read the privacy disclosures and made choices in the consent flow. This may also be helpful to your partners’ tags and pixels running on your site as consent will be available upfront allowing them to query and identify what processing can be performed.
A banner experience is less obtrusive and does not block users who have not made privacy choices from accessing your content. However, because consumers may be viewing and interacting with your content without granting consent, your site and the partners running on your site must be prepared to operate in a consent-less environment. Therefore, carefully consider how this impacts the products and services offered and the consumer experience. Your partners’ tags and pixels must either be instrumented to periodically check consent during a user’s session or else miss out on opportunities when the user has not granted consent.
By default, a Disagree button is displayed alongside the Agree button on the Landing and Details screens. Guidance from regulators strongly suggests that if publishers offer an all-in-one affirmative consent action, an equally prominent withdrawal of consent action should be displayed without favoritism of one over the other. However, in surveying trends across our industry, we have noticed many publishers are choosing not to display the all-in-one withdrawal of consent action. Thus, to effectively serve market needs, the Disagree button is configurable so that each publisher can make the assessment and decision based their business needs and risk tolerance. We strongly recommend evaluating this decision with your privacy, product, and legal teams before launching the CMP.
As a part of the layered design, Verizon Media’s CMP offers an optional secondary Details screen, which allows you to offer an additional detailed description of the activities and processing, along with specific references and examples. This is also a great place to demonstrate the value of interest-based advertising by showing how relevant advertising offers the user a better experience.
Our research has shown that a significant percentage of users who are curious and click into the secondary screen are satisfied with the level of detail and will grant consent. However, some regulators have expressed concerns about adding additional friction between the initial solicitation of consent and the granular privacy choices in the consent experience. Thus, we strongly recommend evaluating this decision with your privacy, product, and legal teams before launching the CMP.
Global, or web-wide, consent refers to the scope of a user’s consent. Global consent means the user has consented to the selected purposes and vendors across any publisher on the web. To illustrate this, a user visits site A using a TCF compliant CMP and consents to vendor Y and Z globally. Site A’s CMP writes the user’s consent preferences to a global consent service. The same user subsequently visits sites B and C (each has a TCF compliant CMP). Since sites B and C can load previous consent preferences from the global consent service they know that the user has already consented to vendors Y and Z and reflect those settings to callers.
Currently, Verizon Media’s CMP does not support global consent, as the TCF specs do not seem to be well-defined around this concept, particularly with respect to UI/UX guidance. Furthermore, we do not see much participation in global consent on behalf of publishers. If you have a business case that you believe requires global consent, please reach out to your account representative.
On a technical note, supporting global consent relies on the use of third party cookies for the web. Due to recent efforts from Apple and Mozilla to strengthen tracking protections, Safari and Firefox browsers are largely not supporting third party cookies used for tracking purposes, and Google is expected to follow up with similar protections for Chrome. Thus, it’s not clear if global consent will continue to be viable for much longer.