Restrict GDPR TCF v2 consent collection to region (AMP)

The <amp-geo> component is an optional configuration that your organization can use to ensure that consent is only required for regions where GDPR applies. This article is an amendment to the primary GDPR TCF v2 AMP Implementation article and covers the additional configurations and considerations needed to utilize the component.

Please use the GDPR TCF v2 AMP implementation article as the primary resource for your implementation and refer to this article for the additional configuration that is required to implement <amp-geo>.

Restrictions

The following restrictions should be adhered to when implementing <amp-geo> with your GDPR TCF v2 AMP implementation:

  • Do not add geo restrictions to the scenarios you are using with amp campaigns.

<amp-geo> implementation overview

Implementing <amp-geo> into your GDPR TCF v2 AMP implementation is comprised of three distinct additions/edits:

GDPR TCF v2 AMP header

In addition to the two headers necessary for a GDPR TCF v2 AMP implementation, your organization will also need to add the following header to utilize the <amp-geo> component:

<script async custom-element="amp-geo" src="https://cdn.ampproject.org/v0/amp-geo-0.1.js"></script>

<amp-geo> component

Add the <amp-geo> component to your GDPR TCF v2 AMP implementation to define the region where you want to require consent.

<amp-geo layout="nodisplay">
<script type="application/json">
{
"AmpBind": true,
"ISOCountryGroups": {
"eea": ["preset-eea", "unknown"]
}
}
</script>
</amp-geo>

With the region specified in the <amp-geo> component, use the geoOverride parameter within the <amp-consent> component to specify the region that should be detected before executing the consent messaging experience.

In the example below, for regions outside the EEA region, consent will not be required for any component that has the data-block-on-consent attribute.

<amp-consent id='consent' layout='nodisplay' >
<script type="application/json">
{
"consentInstanceId": "SourcePoint",
"consentRequired": false,
"geoOverride": {
"eea": {
"consentRequired": "remote",
"consentInstanceId": "sourcepoint",
"checkConsentHref": "https://CNAME-SUBDOMAIN/wrapper/tcfv2/v1/amp-v2?authId=CLIENT_ID",
"promptUISrc": "https://CNAME-SUBDOMAIN/amp/index.html?authId=CLIENT_ID",
"postPromptUI": "consent-ui",
"cookies": {
"enabled": true,
"AMP-CONSENT": {
"value": "LINKER_PARAM(authId, _a)"
}
},
"clientConfig": {
"accountId": 22,
"propertyHref": "https://vince.tcfv2",
"propertyId": 9591,
"mmsDomain": "https://CNAME-SUBDOMAIN.com",
"privacyManagerId": 158995,
"isTCFV2": true,
"pmTab": "vendors",
"stageCampaign": false,
"targetingParams": {
"color": "red"
}
}
}
}
</script>
</amp-consent>

Click here for more information for each parameter in the implementation.

The consentRequired parameter tells the <amp-consent> component whether consent is required for components using the data-block-on-consent attribute.

While the consentRequired parameter should always be set to remote when you want your Sourcepoint code to execute and collect consent from an end-user, it can be set to false for regions where consent is not required.