Upgrade User ID Module Privacy Support

[bretg]

Type of issue

Enhancement

Description

User ID modules cannot easily get the CCPA consent string. When we built the RealTimeData infrastructure, we made it easy for all RTD sub-modules to obtain all known consent data - every RTD internal interface includes a userConsent data structure so each one doesn't have to dig them up itself.

We should upgrade the User ID module to do this same thing.

1. Add a function in the core User ID module similar to the RTD getConsentData() function:

function getConsentData() {
  return {
    gdpr: gdprDataHandler.getConsentData(),
    usp: uspDataHandler.getConsentData(),
    coppa: !!(config.getConfig('coppa'))
  }
}

2. Update the existing consentData data structure used by UserID-core to call sub-modules

3. Confirm that every sub-module will not choke when receiving these parameters

4. Upgrade SharedId sub-module to make use of these parameters:

[patmmccann]

Our approach has been to set the device access flag on opt out, which takes care of the problem that some userIds aren't gathering the usp string. If this is solved, would there be any remaining need for deviceAccess?

[patmmccann]

One note, some userId modules are not facing this limitation, eg

Prebid.js/modules/parrableIdSystem.js

Line 193 in 99098ec

const uspString = uspDataHandler.getConsentData();

I think your step 4 above would likely need to include converting those over to the new object as well

[smenzer]

I can see the value in providing all relevant privacy jurisdiction fields in a single function/object like @bretg mentions, but I agree with @patmmccann that this is already partially implemented; we are also retrieving the CCPA uspString already:

Prebid.js/modules/id5IdSystem.js

Line 121 in 99098ec

'us_privacy': uspDataHandler.getConsentData() || '',

[gglas]

@bretg are there pressing implementation issues for this, or should we just move it into the backlog?

[bretg]

Yes, I think this needs to happen, specifically because SharedId and PubCommon should be paying attention to these values. Adding @jdwieland8282

[smenzer]

@bretg maybe I’m missing something but can’t these values already be retrieved by shared Id and pubcommon? We are ingesting them in our module already as do a few others...

[patmmccann]

Is #6673 a duplicate @smenzer ?

[smenzer]

Is #6673 a duplicate @smenzer ?

The difference in my request is that we modify the existing consent data parameter (which contains only GDPR today) to support everything (similar to the getconsentdata function described here would provide) rather than passing some data in the function call and requiring another method to get the rest.

@bretg id be happy to have the two issues merged together...what are your thoughts?

[bretg]

Agree that these two issues are essentially the same. I've updated the description of this issue to re-use the existing consentData param rather than adding a new one.

[smenzer]

with the updates from @bretg I agree that these are the same now. I can close out #6673 in favor of this one. thanks Bret!

[patmmccann]

related #10276