Prebid.js GDPR feature: softVendorException

[bretg]

Type of issue

enhancement

Description

In Prebid Server, Xandr implemented a compromise version of the original TCF2 "vendorException" setting. Adding a vendor to this list was a complete "hall pass", exempting that vendor from any checks, essentially trusting that they do the right thing on their side.

The new feature is a weaker version of that "hall pass" -- the user must still consent to the purpose, but vendor consent isn't checked. The use case here is for vendors that don't have GVLIDs -- they currently need exceptions, but the only existing exception is a strong one. This softer version allows pubs to support bidders without GVLIDs without granting the ability to bypass the user's purpose consent.

See the highlighted changes in https://docs.google.com/document/d/1fBRaodKifv1pYsWY3ia-9K96VHUjd8kKvxZlOsozm8E/edit#heading=h.hlpacpauqwkx

The proposal is to add gdpr.rules[].softVendorExceptions: "If enforceVendor is true, then any vendors in this list will ignore enforcement."

Looking for community feedback on this enhanced level of flexibility and open to suggestions about a better name for this field.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[bretg]

@jsnellbaker - is this still an issue for Xandr?

[jsnellbaker]

Hi @bretg From what I understand from discussing this with some others, this is still a feature on the PBS side that's still in-use. So if there's a need to bring the functionality here into PBJS as well, I think that would good to do.