About
In the Transparency and Consent Framework (TCF), an Consent String contains a list of permissions telling a list of partners what they’re allowed to do with user data. This a Base64 encoded bit string representing user preference in the TCF (Transparency-and-ConsentFramework)
Vendors rely on the consent string created by CMPs to know whether information has been disclosed to users and whether users have given their consent to processing.
Articles Related
Characteristics
- Consent string may be created under the TCF only by registered CMPs. If you sent a consent-string as a not registered CMP, you are violating the policies. That's more about legal, not about tech.
- A user must be able to select the partners with whom they consent to share their data. A user should be able to toggle within the consent UI
Format
The format of the consent string used for storing user consent as part of the IAB’s GDPR Transparency and Consent Framework is a web-safe base64 encoded string. The format details are available in this document provided by the IAB. Consent String format
Purpose
The consent string contains the allowed purposes.
| Purpose Id | Purpose Name |
|---|---|
| 1 | Information storage and access |
| 2 | Personalisation |
| 3 | Ad selection, delivery, reporting |
| 4 | Content selection, delivery, reporting |
| 5 | Measurement |
pubvendors.json
The consent string contains a list of allowed vendors (ad network ?) (vendors that the publisher is working with).
The publisher defines this list by:
- creating a file named pubvendors.json
- placed at the .well-known path of their domain
- and that is a subset from the Global vendor list
The pubvendors.json file has a similar function that ads.txt and robots.txt (5785).
Example: https://gerardnico.com/.well-known/pubvendors.json
{
"publisherVendorsVersion": 1, // [Required] Version of the pubvendors.json specification "version": 1, // [Required] Increment on each update of this file
"globalVendorListVersion": 1, // [Required] The version of the GVL this was created from
"updatedAt": "2018-05-28T00:00:00Z", // [Required] Updated for every modification
"vendors": [ // [Required] Whitelist vendors
{
"id": 1 // [Required] ID of vendor
},
{
"id": 2
},
{
"id": 3
}
]
}
Example
BOsw9RWOsw9RWAOABCENC2-AAAAtHAAA
BOsw94_Osw94_AOABCENC2AAAAAtGAAA
Ezoic:
BOstzdROt5qRdB7DTBENC2-AAAAtFr_7__7-_9_-_f__9uj3Or_v_f__30ccL59v_h_7v-_7fi_20nV4u_1vft9yfk1-5ctDztp505iakivHmqNeb9v_mz1_5pRP78k89r7337Ew_v8_v-b7JCON_A
Management
Create
To be able to perform this steps, you need to be recognized as a CMP (Consent Management Provider)
- Choose a CMP (Consent Management Platform) id from the list.
- Create a pubvendors.json list. See pubvendors.json generator
- Use a library to encode it
- Store the consent string in the euconsent cookie
See / Storage
The consent string can be found in the euconsent cookie after given a consent.
Then you can decode it.
Encode
Decode
parser tool to decodes a consent string and display its information in a human-readable format.