GDPR non-TCF Web Implementation

The IAB's Transparency and Consent Framework (TCF) was created in order to help digital advertising ecosystem comply with obligations under the GDPR and ePrivacy Directive. While Sourcepoint supports an implementation for organization's who wish to comply with the TCF v2, we also enable your organization to implement and manage end-user consent without having to sign on to the IAB TCF framework. 
In this article, we will cover how to implement a GDPR nonTCF web implementation so that your organization can create a consent experience that complies with your interpretation of GDPR that is not bound by the IAB TCF v2 policy requirements. 
​GDPR non-TCF Web Implementation Overview​
​Optional GDPR non-TCF Web Implementation Parameters​
GDPR non-TCF Web Implementation Overview
The GDPR non-TCF web implementation is comprised of two scripts that is added to a property:
​Client Configuration Code Snippet​
​URL to Sourcepoint Javascript​
In this section, we will provide an overview and any necessary requirements for each code snippet. In the example below, we combine the two snippets to illustrate a simple GDPR non-TCF web implementation that would be added to a property.
<script>
    window._sp_ = {
        config: {
            accountId: 22,
            baseEndpoint: 'https://cdn.privacy-mgmt.com',
        }
    }
</script>
<script src="https://cdn.privacy-mgmt.com/messagingNoTcfApi.js" async></script>
Unlike Sourcepoint's GDPR TCF v2 web implementation, the non-TCF web implementation does not use the IAB stub file.
Client Configuration Code Snippet
The first code snippet that should be added to your implementation contains your organization's specific account configuration parameters. This code snippet includes the necessary and optional parameters for your property to communicate with the Sourcepoint messaging platform and consent service libraries. 
<script>
    window._sp_ = {
        config: {
            accountId: 22,
            baseEndpoint: 'https://cdn.privacy-mgmt.com',
        }
    }
</script>
Currently, there are two required parameters to successfully deliver an end-user notification:
AccountId
baseEndpoint
In addition to the required parameters (example above), your organization can implement additional parameters in the code snippet to allow for Javascript callbacks that can be triggered for different customization purposes. 
Required parameter
Description
accountId
The accountId value associates the property with your organization's Sourcepoint account. Your organization's accountId can be retrieved by contacting your Sourcepoint Account Manager or via the My Account page in your Sourcepoint account. 
baseEndpoint
​https://cdn.privacy-mgmt.com is a single server endpoint that serves the GDPR messaging experience. The baseEndpoint can also be changed to a CNAME first-party subdomain in order to persist first-party cookies on Safari web browser (due to Safari’s ITP) by setting cookies through the server with set-cookie rather than using document.cookie on the page. 
URL to Sourcepoint Javascript
The second code snippet is a URL that points to the Sourcepoint Javascript SDK for a GDPR non-TCF web implementation. The URL for a GDPR non-TCF web implementation is as follows:
https://cdn.privacy-mgmt.com/messagingNoTcfApi.js
If your organization has edited the baseEndpoint with a CNAME DNS Record you will also need to edit the URL for this code snippet to reflect the edit. Please follow the following format if necessary: 
https://client.domain.com/messagingNoTcfApi.js
<script src="https://cdn.privacy-mgmt.com/messagingNoTcfApi.js" async></script>
Optional GDPR non-TCF Web Implementation Parameters
In the table below are all the parameters that can be included in your client configuration code snippet:
Optional Parameter
Description
joinHref
When set to true, will ensure that all directory regular expression functionality works in conjunction with the propertyHref parameter. 
​
Note: The joinHref parameter is solely used to test your implementation across different servers while still allowing for URL RegEx matching.
isSPA
​
When set to true, will confirm the implementation for a single page application and will show a message only when  window._sp_.executeMessaging();is triggered.
​
Note: window._sp_.executeMessaging(); is supposed to be called on each (virtual) pageload.
groupPmId
Allows your organization to use the Privacy Manager ID for the property group's Privacy Manager ID. 
​
Note: Call  window._sp_.loadPrivacyManagerModal() without passing a parameter and the Privacy Manager that displays will be that property's version of the groupPmId Privacy Manager.
propertyHref
Maps the implementation to a specific URL as set up in the Sourcepoint account dashboard.
propertyId
Maps the message to a specific property (website, app, OTT) as set up in the Sourcepoint account dashboard.
targetingParams
Targeting params allow a developer to set arbitrary key/value pairs. These key/value pairs are sent to Sourcepoint servers where they can be used to take a decision within the scenario builder. 
​
targetingParams: {               
                    key1: valueA,
                    key2: valueB
                }
 
events
​Click here for all optional event callbacks that are supported by Sourcepoint for GDPR non-TCF web implementations. 
consentLanguage
Used to ensure that the purposes or stack names listed in a consent message remain in the same language regardless of an end-user's browser language setting. A list of two-letter codes is available here.

If this parameter is not present, stacks and purposes will appear according to the end-user's preferred browser language setting. 

consentLanguage: "nl"
​

Implementation - Previous

Web Implementation

Optional Event Callbacks for GDPR non-TCF Web Implementation

Last updated 5 days ago

Required parameter	Description
`accountId`	The `accountId` value associates the property with your organization's Sourcepoint account. Your organization's `accountId` can be retrieved by contacting your Sourcepoint Account Manager or via the My Account page in your Sourcepoint account.
`baseEndpoint`	https://cdn.privacy-mgmt.com is a single server endpoint that serves the GDPR messaging experience. The `baseEndpoint` can also be changed to a `CNAME` first-party subdomain in order to persist first-party cookies on Safari web browser (due to Safari’s ITP) by setting cookies through the server with `set-cookie` rather than using `document.cookie` on the page.

Optional Parameter	Description
`joinHref`	When set to `true`, will ensure that all directory regular expression functionality works in conjunction with the `propertyHref` parameter. Note: The `joinHref` parameter is solely used to test your implementation across different servers while still allowing for URL RegEx matching.
`isSPA`	When set to `true`, will confirm the implementation for a single page application and will show a message only when `window._sp_.executeMessaging();`is triggered. Note: `window._sp_.executeMessaging();` is supposed to be called on each (virtual) pageload.
`groupPmId`	Allows your organization to use the Privacy Manager ID for the property group's Privacy Manager ID. Note: Call `window._sp_.loadPrivacyManagerModal()` without passing a parameter and the Privacy Manager that displays will be that property's version of the `groupPmId` Privacy Manager.
`propertyHref`	Maps the implementation to a specific URL as set up in the Sourcepoint account dashboard.
`propertyId`	Maps the message to a specific property (website, app, OTT) as set up in the Sourcepoint account dashboard.
`targetingParams`	Targeting params allow a developer to set arbitrary key/value pairs. These key/value pairs are sent to Sourcepoint servers where they can be used to take a decision within the scenario builder. `targetingParams: {` `key1: valueA, key2: valueB }`
`events`	Click here for all optional event callbacks that are supported by Sourcepoint for GDPR non-TCF web implementations.
`consentLanguage`	Used to ensure that the purposes or stack names listed in a consent message remain in the same language regardless of an end-user's browser language setting. A list of two-letter codes is available here. If this parameter is not present, stacks and purposes will appear according to the end-user's preferred browser language setting. `consentLanguage: "nl"`