1.0.0
Manage Publisher Purposes (GDPR TCF v2)
If your organization processes end-user data (i.e. acts like a vendor) for its own use then the end-user can be informed and asked to give consent. The Sourcepoint dashboard allows your organization to set your own legal basis for IAB purposes.
Example An organization that wants to set a first-party cookie should request end-user consent for Purpose 1 "Store and/or access information on a device" in jurisdictions where it is required. More information from the IAB about Publisher Purposes can be found here.

Set Legal Basis for Publisher Purposes

To set the legal basis for your organization's publisher purposes, navigate to your GDPR TCF v2 vendor list for your campaign.
Click *Advanced Settings* in the upper right-hand corner.
Select Manage Publisher Purposes.
In the Manage Publisher Purposes dialog box your organization can set the legal bases for IAB purposes. The options for legal bases are:
  • User Consent
  • Legitimate Interest
  • Not Applicable
Please consult with your Data Protection Officer or privacy legal team about the appropriate legal bases for each purpose.
Save your vendor list in order to confirm your edits.

Check changes in the TC String using the __tcfapi

The settings in the Manage Publisher Purposes can be seen in the TC String. Using the __tcfapi function allows your organization to:
  • read end-user consent for IAB and custom purposes
  • read the settings in the publisher purposes
Documentation on how to use the __tcfapi function call to read the user consent for IAB & custom purposes can be found here.
In this section, we offer an example on how to check your edits for publisher purposes in the __tcfapi response. The publisher segment of the TC String response has three parts:

consents and legitimateInterests responses in TC String

For the consents and legitimateInterest parts of the response, the __tcfapi will list out each IAB purposes and whether consent or legitimate interest has been given by the end-user.
In the example below, your organization has declared user consent to process data for IAB purposes 1, 2, 4, 6, 7, 8 and legitimate interest to process end-user data for IAB purposes 3, 5, 9, 10.

restrictions response in TC String

The restrictions part of the __tcfapi response apply to changes in the vendor list. It shows the vendors that have their default legal basis overridden by your organization.
The restrictions response will be formatted as:
1
IAB Purpose: {Vendor ID: Legal Basis}
Copied!
In the above example, for IAB purpose 2:
• vendor 174 is prohibited (legal basis value 0) to process end-user data.vendor 915 requires end-user consent (legal basis value 1) to process data.
Refer to the table below to decode the legal basis in the restrictions response.
ID
Legal Basis
Description
0
Not Allowed
Your organization is restricting a vendor from processing end-user data for a specific purpose.
1
User Consent
Confirming that the vendor can process end-user data for a specific purpose only if the end-user has provided explicit consent.
2
Legitimate Interest
Allowing the vendor to process end-user data without collecting explicit consent for a specific purpose.
(Note: the end-user can still reject the processing of their data).
The article on how your organization can change the legal basis of a vendor to process end-user data can be found here.
For any IAB purpose, the legal basis for a vendor purpose can supercede the legal basis for the corresponding publisher purpose. For example, the 'User Consent' legal basis for a vendor in the vendor list can overrule the 'Legitimate Interest' legal basis for a publisher.
Last modified 1mo ago