GDPR, CCPA and ats.js

ats.js uses a Google Cloud Platform (GCP) Cloud Function to assess the user's geographic location based on their IP address. Based on the user's location, we may require a standardized consent signal.

General Data Protection Regulation - EU/EEA

The General Data Protection Regulation (GDPR) is a "regulation in EU law on data protection and privacy in the European Union and the European Economic Area". If a user is located in an EU (or EEA, in some cases) country, consent is required.

In the European Union, ATS expects a TCF v2 compatible consent string.

Consent can either be detected by ATS through a standard CMP JS API call, or passed directly to ATS in the configuration.

{
  "placementID": 9999,
  "cssSelectors": [
    "input[type=email]"
  ],
  "consentString": "COvFyGBOvFyGBAbAAAENAPCAAOAAAAAAAAAAAEEUACCKAAA.IFoEUQQgAIQwgIwQABAEAAAAOIAACAIAAAAQAIAgEAACEAAAAAgAQBAAAAAAAGBAAgAAAAAAAFAAECAAAgAAQARAEQAAAAAJAAIAAgAAAYQEAAAQmAgBC3ZAYzUw"
}

TCF v1 (Legacy)
LiveRamp must be listed as a vendor (97) and approved for all five TCF v1.1 purposes to successfully receive an envelope.

TCF v2 Current
LiveRamp must be listed as a vendor (97) and approved for the data purposes and features below to successfully return an envelope.

Purposes

1. Store and/or access information on a device
2. Create personalized ads profile
3. Create a personalized content profile
4. Measure ad performance
5. Measure content performance
6. Apply market research to generate audience insights
7. Develop and improve products

Special Purposes
Ensure security, prevent fraud, and debug

Features

1. Match and combine offline data sources
2. Link different devices
3. Receive and use automatically-sent device characteristics for identification
   
   The California Consumer Privacy Act (CCPA) is "a state statute intended to enhance privacy rights and consumer protection for residents of California, United States".
   [block:image] { "images": [ { "image": [ "https://files.readme.io/22c1eb7-1200px-Flag_of_California.svg_1.png", "1200px-Flag_of_California.svg (1).png", 1200, 800, "#dbbebe" ] } ] } [/block]
   If the user is in the US, ats.js will check the CCPA Privacy String when it is present, either passed directly to ats.js within the configuration, or detected over the JavaScript API by ats.js.
   [block:callout] { "type": "info", "title": "Privacy String Policy", "body": "At this point, ATS will take an approach of \"soft\" enforcement to the CCPA Privacy String -- where it is present for users in the US, the settings will be parsed and respected. However, the Privacy String is **not required** for users in California or the US at this point in time. \n\nAs adoption increases and clarity emerges on the federal level, we expect to require a consent signal as we do in the European Union." } [/block]

   California Consumer Privacy Act - US

   📘

   Privacy String Policy

   At this point, ATS will take an approach of "soft" enforcement to the CCPA Privacy String -- where it is present for users in the US, the settings will be parsed and respected. However, the Privacy String is not required for users in California or the US at this point in time.

   As adoption increases and clarity emerges on the federal level, we expect to require a consent signal as we do in the European Union.