Video SSP and GDPR
Video SSP complies with the General Data Protection Regulation (GDPR). Our compliance is delivered through adoption of the IAB Transparency and Consent framework (TCF).
One of the requirements of theTCF is to support the passing of user consent preferences throughout the advertising ecosystem. This can be done via macros in ad tags and URL-based services, including VidVideo SSP’s ad tags for Marketplace Connections and Inventory Sources.
We support two macros.
Macro | Macro Type | Definition | Expected Input |
---|---|---|---|
gdpr | Boolean | This value indicates whether or not user is subject to GDPR. |
0 = user is not subject to GDPR, 1 = user is subject to GDPR |
gdpr_consent | String | This string represents a user’s consent preferences. The construction and encoding is defined in the IAB TCF. |
base64 encoded web safe string, generated by a Consent Management Provider (CMP) |
These macros are populated with data from an IAB framework-compliant Consent Management Provider (CMP).
Example:
http://ads.adaptv.advertising.com/a/h/iveKWUo6VtIbutX4_6ersvt6TVk6EpL1?cb=[CACHE_BREAKER]&gdpr=[GDPR]&gdpr_consent=[GDPR_CONSENT]&pet=preroll&pageUrl=EMBEDDING_PAGE_URL&eov=eov
Note: GDPR became effective May 25, 2018. Ad tags that include the consent information macros should have been implemented at that time. For additional information reach out to your account manager.
RTB integration guide
The RTB integration guide provides technical details for developers and sales engineers regarding supported Video SSP RTB API specifications.
See the Video SSP Technical Requirements for Integration Guide (must be logged in to view) for full details.
User Object
Object Name | Included | Type | Description |
---|---|---|---|
ext | when available | object | Our platform will include “consent” extension to comply with GDPR (see below). |
User Object Extension
Object Name | Included | Type | Description |
---|---|---|---|
consent | when available | string | Encoded value of the user consent. Base 64 web safe. Our platform would only pass the consent string if regs.ext.gdpr=1 and Verizon Media has been provided vendor level consent by the user. |
User Syncing
There are two methods of user syncing, Push or Pull. The DSP may choose to do either or both.
Push Method (When DSP initiates the user sync URL)
The account team provides the full user syncing URLs. The buyer sends an HTTPS request from the user’s browser to a User Sync URL with these parameters:
Parameter | Included | Type | Description |
---|---|---|---|
uid | always | string | The DSP should substitute DSP_USER_ID with their unique user ID for the user that the request originates from. The maximum length for the DSP_USER_ID is 128 characters. The DSP must specify the Time To Live (TTL) or expiration of the user ID, after which time our platform will no longer use the ID when sending bid requests |
origin | optional | Boolean | 0 = Verizon Media Video SSP initiated user sync. 1 = DSP initiated user sync. |
gdpr | always | Boolean |
0=GDPRdoes not apply. 1=GDPRapplies. Video SSP adheres to the IAB Tech Lab - GDPR consent passing for URL-based services. |
gdpr_consent | when available | string | URL-safe base64-encoded GDPR consent string.
Only meaningful if gdpr=1 |
The HTTPS request returns a response code 204 (No Content) with an empty body.
Pull Method (When Video SSP initiates the user sync URL)
Our client code sends an HTTPS request from the user’s browser to a URL specified by the DSP. Video SSP appends the following parameters to the DSP’s User Sync URL.
Example
The DSP should then return a 302 redirect, the redirect URL is the User Sync URL provided below with origin=0.
Please reference the parameters table above.
GDPR
Video SSP will not initiate a user sync request in the following cases:
- First or third party jurisdiction is in the EU, and first or third party consent shows no consent.
- First or third party jurisdiction is in the EU, and first or third party consent is missing.
We require all DSP partners to follow the same GDPR logic.
Regs Object
The Regs object contains the COPPA flag, which signals whether or not the request falls under the United States Federal Trade Commission’s (USFTC) regulation for Children’s Online Privacy Protection Act.
Object Name | Included | Type | Description |
---|---|---|---|
coppa | always | integer | Flag indicating whether or not the request falls under COPPA regulation as established by the US FTC.
0 = no, 1 = yes. |
ext | when available | object | Our platform includes “gdpr” extension to be compliant with GDPR. |
Regs Object Extension
Object Name | Included | Type | Description |
---|---|---|---|
gdpr | always | Boolean | GDPR value sent, 1= user is from Europe, 0= user is NOT from Europe. |
PMP Object and Deal ID Sample Bid Requests
IPv6 Desktop Ad Opportunity (EU User, Must comply with GDPR) |
{ "id":"718a9c73-3f27-4fda-b58b-5ca04ac420e7", "bcat": [ "IAB25", "IAB7-39", "IAB8-18", "IAB8-5" ], "badv": [ abc.com, xyz.com], "imp":[ { "id":"1", "video":{ "mimes":[ "video/x-flv", "video/mp4", "application/x-shockwave-flash" ], "linearity":1, "minduration":5, "maxduration":30, "protocols":[ 2, 3, 5, 6 ], "api":[ 1, 2 ], "startdelay":0, "playbackmethod":[ 3 ], "ext":{ "viewability":-1 } }, "pmp":{ "private_auction":0, "deals":[ { "id":"532", "bidfloor":7.58, "bidfloorcur":"USD", "at":3, "wseat":[ "AgencyAA", "AgencyCC" ] } ], "ext":{ "marketplaceid":56 } }, "secure":0 } ], "site":{ "page": "test1.com", "publisher": { "id":"5544" }, "content":{ "cat":[ "IAB1", "IAB3", "IAB11", "IAB11-4", "IAB12" ], "language":"en" }, "cat":[ "IAB1", "IAB3", "IAB11", "IAB11-4", "IAB12" ], "ext":{ "mpcid":"95265" } }, "device":{ "ipv6":"2600:1700:1d90:3b90:b1:78c2:576f:b55e", "ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36", "language":"en", "os":"Mac OS X", "devicetype":2, "geo":{ "country":"FRA", "lat":48.86, "lon":2.34, "type":2 } }, "user":{ "id":"7320731778973028548", "ext":{ "consent":"3FDF299BE572" } }, "regs":{ "coppa":0, "ext":{ "gdpr":"1" } }, "cur":[ "EUR" ], "tmax":150 } |
IPv6 Desktop Ad Opportunity (Non-EU User: No compliance required GDPR) |
{ "id":"718a9c73-3f27-4fda-b58b-5ca04ac420e7", "bcat": [ "IAB25", "IAB7-39", "IAB8-18", "IAB8-5" ], "badv": [ abc.com, xyz.com], "imp": [ { "id":"1", "video":{ "mimes":[ "video/x-flv", "video/mp4", "application/x-shockwave-flash" ], "linearity":1, "minduration":5, "maxduration":30, "protocols":[ 2, 3, 5, 6 ], "api":[ 1, 2 ], "startdelay":0, "playbackmethod":[ 3 ], "ext":{ "viewability":-1 } }, "pmp":{ "private_auction":0, "deals":[ { "id":"532", "bidfloor":7.58, "bidfloorcur":"USD", "at":3, "wseat": [ "AgencyAA", "AgencyCC" ] } ], "ext":{ "marketplaceid":56 } }, "secure":0 } ], "site":{ "page":"test1.com", "publisher":{ "id":"5544" }, "content":{ "cat":[ "IAB1", "IAB3", "IAB11", "IAB11-4", "IAB12" ], "language":"en" }, "cat":[ "IAB1", "IAB3", "IAB11", "IAB11-4", "IAB12" ], "ext":{ "mpcid":"95265" } }, "device":{ "ipv6":"2600:1700:1d90:3b90:b1:78c2:576f:b55e", "ua":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36", "language":"en", "os":"Mac OS X", "devicetype":2, "geo":{ "country":"USA", "region":"FL", "lat":28.74, "lon":-81.86, "type":2 } }, "user":{ "id":"7320731778973028548" }, "regs":{ "coppa":0, "ext":{ "gdpr":"0" } }, "cur":[ "USD" ], "tmax":150 } |