The IAB's Transparency and Consent Framework (TCF) was created in order to help digital advertising ecosystem comply with obligations under the GDPR and ePrivacy Directive. While Sourcepoint supports an implementation for organization's who wish to comply with the TCF v2, we also enable your organization to implement and manage end-user consent without having to sign on to the IAB TCF framework.
In this article, we will cover how to implement a GDPR nonTCF web implementation so that your organization can create a consent experience that complies with your interpretation of GDPR that is not bound by the IAB TCF v2 policy requirements.
The GDPR non-TCF web implementation is comprised of two scripts that is added to a property:
In this section, we will provide an overview and any necessary requirements for each code snippet. In the example below, we combine the two snippets to illustrate a simple GDPR non-TCF web implementation that would be added to a property.
<script>window._sp_ = {config: {accountId: 22,baseEndpoint: 'https://cdn.privacy-mgmt.com',}}</script><script src="https://cdn.privacy-mgmt.com/messagingNoTcfApi.js" async></script>
Unlike Sourcepoint's GDPR TCF v2 web implementation, the non-TCF web implementation does not use the IAB stub file.
The first code snippet that should be added to your implementation contains your organization's specific account configuration parameters. This code snippet includes the necessary and optional parameters for your property to communicate with the Sourcepoint messaging platform and consent service libraries.
<script>window._sp_ = {config: {accountId: 22,baseEndpoint: 'https://cdn.privacy-mgmt.com',}}</script>
Currently, there are two required parameters to successfully deliver an end-user notification:
AccountId
baseEndpoint
In addition to the required parameters (example above), your organization can implement additional parameters in the code snippet to allow for Javascript callbacks that can be triggered for different customization purposes.
Required parameter | Description |
| The |
| https://cdn.privacy-mgmt.com is a single server endpoint that serves the GDPR messaging experience. The |
While editing the baseEndpoint
domain is optional, Sourcepoint highly recommends that it is edited by your organization. More information can be found at setting up a subdomain with a CNAME DNS Record.
The second code snippet is a URL that points to the Sourcepoint Javascript SDK for a GDPR non-TCF web implementation. The URL for a GDPR non-TCF web implementation is as follows:
https://cdn.privacy-mgmt.com/messagingNoTcfApi.js
If your organization has edited the baseEndpoint
with a CNAME DNS Record you will also need to edit the URL for this code snippet to reflect the edit. Please follow the following format if necessary:
https://client.domain.com/messagingNoTcfApi.js
<script src="https://cdn.privacy-mgmt.com/messagingNoTcfApi.js" async></script>
In the table below are all the parameters that can be included in your client configuration code snippet:
Optional Parameter | Description |
| Allows your organization to use the Privacy Manager ID for the property group use of a property group's Privacy Manager ID. Note: Call |
| Maps the implementation to a specific URL as set up in the Sourcepoint account dashboard. |
| Maps the message to a specific property (website, app, OTT) as set up in the Sourcepoint account dashboard. |
| Targeting params allow a developer to set arbitrary key/value pairs. These key/value pairs are sent to Sourcepoint servers where they can be used to take a decision within the scenario builder.
|
| Click here for all optional event callbacks that are supported by Sourcepoint for GDPR non-TCF web implementations. |
| Used to ensure that the purposes or stack names listed in a consent message remain in the same language regardless of an end-user's browser language setting. A list of two-letter codes is available here.
If this parameter is not present, stacks and purposes will appear according to the end-user's preferred browser language setting.
|