GDPR non-TCF Web Implementation

The IAB's Transparency and Consent Framework (TCF) was created in order to help digital advertising ecosystem comply with obligations under the GDPR and ePrivacy Directive. While Sourcepoint supports an implementation for organization's who wish to comply with the TCF v2, we also enable your organization to implement and manage end-user consent without having to sign on to the IAB TCF framework.

In this article, we will cover how to implement a GDPR nonTCF web implementation so that your organization can create a consent experience that complies with your interpretation of GDPR that is not bound by the IAB TCF v2 policy requirements.

GDPR non-TCF Web Implementation Overview

The GDPR non-TCF web implementation is comprised of two scripts that is added to a property:

In this section, we will provide an overview and any necessary requirements for each code snippet. In the example below, we combine the two snippets to illustrate a simple GDPR non-TCF web implementation that would be added to a property.

<script>
window._sp_ = {
config: {
accountId: 22,
baseEndpoint: 'https://cdn.privacy-mgmt.com',
}
}
</script>
<script src="https://cdn.privacy-mgmt.com/messagingNoTcfApi.js" async></script>

Unlike Sourcepoint's GDPR TCF v2 web implementation, the non-TCF web implementation does not use the IAB stub file.

Client Configuration Code Snippet

The first code snippet that should be added to your implementation contains your organization's specific account configuration parameters. This code snippet includes the necessary and optional parameters for your property to communicate with the Sourcepoint messaging platform and consent service libraries.

<script>
window._sp_ = {
config: {
accountId: 22,
baseEndpoint: 'https://cdn.privacy-mgmt.com',
}
}
</script>

Currently, there are two required parameters to successfully deliver an end-user notification:

  • AccountId

  • baseEndpoint

In addition to the required parameters (example above), your organization can implement additional parameters in the code snippet to allow for Javascript callbacks that can be triggered for different customization purposes.

Required parameter

Description

accountId

The accountId value associates the property with your organization's Sourcepoint account. Your organization's accountId can be retrieved by contacting your Sourcepoint Account Manager or via the My Account page in your Sourcepoint account.

baseEndpoint

https://cdn.privacy-mgmt.com is a single server endpoint that serves the GDPR messaging experience. The baseEndpoint can also be changed to a CNAME first-party subdomain in order to persist first-party cookies on Safari web browser (due to Safari’s ITP) by setting cookies through the server with set-cookie rather than using document.cookie on the page.

While editing the baseEndpoint domain is optional, Sourcepoint highly recommends that it is edited by your organization. More information can be found at setting up a subdomain with a CNAME DNS Record.

URL to Sourcepoint Javascript SDK

The second code snippet is a URL that points to the Sourcepoint Javascript SDK for a GDPR non-TCF web implementation. The URL for a GDPR non-TCF web implementation is as follows:

  • https://cdn.privacy-mgmt.com/messagingNoTcfApi.js

If your organization has edited the baseEndpoint with a CNAME DNS Record you will also need to edit the URL for this code snippet to reflect the edit. Please follow the following format if necessary:

  • https://client.domain.com/messagingNoTcfApi.js

<script src="https://cdn.privacy-mgmt.com/messagingNoTcfApi.js" async></script>

Optional GDPR non-TCF Web Implementation Parameters

In the table below are all the parameters that can be included in your client configuration code snippet:

Optional Parameter

Description

groupPmId

Allows your organization to use the Privacy Manager ID for the property group use of a property group's Privacy Manager ID.

Note: Call window._sp_.loadPrivacyManagerModal() without passing a parameter and the Privacy Manager that displays will be that property's version of the groupPmId Privacy Manager.

propertyHref

Maps the implementation to a specific URL as set up in the Sourcepoint account dashboard.

propertyId

Maps the message to a specific property (website, app, OTT) as set up in the Sourcepoint account dashboard.

targetingParams

Targeting params allow a developer to set arbitrary key/value pairs. These key/value pairs are sent to Sourcepoint servers where they can be used to take a decision within the scenario builder.

targetingParams: {

key1: valueA, key2: valueB }

events

Click here for all optional event callbacks that are supported by Sourcepoint for GDPR non-TCF web implementations.

consentLanguage

Used to ensure that the purposes or stack names listed in a consent message remain in the same language regardless of an end-user's browser language setting. A list of two-letter codes is available here. If this parameter is not present, stacks and purposes will appear according to the end-user's preferred browser language setting. consentLanguage: "nl"