Skip to main content
All Collections3.1 FIAM implementation for Websites & SPAs
Website implementation / How to manage consent implementation
Website implementation / How to manage consent implementation
Anastasiia Serebrianska avatar
Written by Anastasiia Serebrianska
Updated over 8 months ago

Integration to Publisher Consent Flow

When installing AudienceProject services, it is essential to ensure that a proper integration between various publishers' preferred consent collection methods and the AudienceProject Publisher Script is carried out, to ensure that both Publisher and User consent signals are being respected. The following outlines the most typical scenarios we encounter and draw up a path to proper installation/integration in each case.

For the high level commercial presentation outlining the principles, please read the article titled Publisher Consent Flows.

In the following you will find guides from implementation in two scenarios:

  1. TCF 2.2 platform (or equivalent) - additional logic for loading the publisher script on websites for measurement in case of no consent.

  2. Publisher with dynamic cookie consent platform, but no TCF 2.2 (or equivalent) platform.

TCF 2.2 platform (or equivalent) - additional logic for loading the publisher script on websites for measurement in case of no consent

This guide contains the technical implementation details required to work with ‘option 4’ in this guide.

Introduction

When consent for TCF purposes haven't been collected or granted, special precautions must be taken to ensure the MMF/FIAM measurement continues uninterrupted, but within the scope of the TCF standard.

The typical approach to handling non-consent is often not to communicate with any third parties until proper consent has been collected, avoiding the transfer or collection of any type of potential PID. From a measurement perspective, this approach only works if every Publisher agrees. If some Publishers implement this approach and others not? We will get discrepancies caused by some Publishers including page-views from every-one and others only including page-views from consented users, which leads to a reduction in page views logged.

A solution to this challenge is to implement and run an additional non-PID service in parallel with the consented measurement service. It allows comparable measurement without consensus amongst participants.

The solution outlined in this document allows the measurement of non-consented pageviews by the use of a parallel measurement mechanism. A separate domain that is cookie-less will be used for registering non-consented events. To ensure no PID is present in the non-consented event-flow, the Apache logs will also be IP anonymized by the removal of the last 3 digits of the IP address in the request.

Consented events will still go through the regular measurement pipeline, while non-consented events will be pushed through the PID-less domain.

Description of the consent flow

If your site runs a TCF 2.2 compatible CMP and you require explicit opt-in (through purposes 1 and 9) to AudienceProject measurement services, you need to explicitly communicate this to the publisher script. This can be done by running the publisher script in “anonymous mode”.

When the anonymous mode is enabled, all requests to AudienceProject are sent to a special URL and data processing pipeline. Besides that, no cookies will be sent to AudienceProject.

It is important to note that this method only can be applied to a minority of traffic, since consented traffic/events are still necessary in order to deliver proper measurement.

Implementation directly on website

If the user consented to measurement (TCF purposes 1 and 9), the publisher script will be loaded in “normal mode”, hereby sending the consent string generated by the CMP.

If consent for purposes 1 and 9 is not present on the page yet, or if the user explicitly did not consent to these purposes, then the publisher script should be loaded in “anonymous mode”. Technically, this means that:

  • The publisher script should be initialized with the anonymous tracking flag.

  • The publisher script should be loaded from the dnt-userreport.com domain.

This can be achieved using the following JavaScript snippet:

function loadAudienceProjectMeasurementScript(publisherId, options) {
options = options || {};
window.audienceProjectLayer = window.audienceProjectLayer || [];

if (options.anonymousTracking !== undefined) {
window.audienceProjectLayer.push(['setAnonymousTracking', options.anonymousTracking]);
}

if (options.consentString !== undefined) {
window.audienceProjectLayer.push(['setConsents', { tcStringV1: options.consentString }]);
}

var scriptDomain = options.anonymousTracking ? 'sak.dnt-userreport.com' : 'sak.userreport.com';
var scriptUrl = 'https://' + scriptDomain + '/' + encodeURIComponent(publisherId) + '/launcher.js';

var script = document.createElement('script');
script.src = scriptUrl;
script.async = true;
document.head.append(script);
}

var publisherId = '%publisherId%';

if (typeof window.__tcfapi !== 'function') {
loadAudienceProjectMeasurementScript(publisherId, {
anonymousTracking: true,
});
} else {
var hasScript = false;

window.__tcfapi('addEventListener', 2, function(model, success) {
if (!success || (model.eventStatus !== 'tcloaded' && model.eventStatus !== 'useractioncomplete')) return;

var anonymousTracking = !model.purpose.consents[1] || !model.purpose.consents[9];
var consentString = model.tcString;

if (!hasScript) {
hasScript = true;

var scriptOptions = { anonymousTracking: anonymousTracking };
if (consentString) {
scriptOptions.consentString = '';
}

loadAudienceProjectMeasurementScript(publisherId, scriptOptions);
} else {
window.audienceProjectLayer.push(['setAnonymousTracking', anonymousTracking]);

if (consentString) {
window.audienceProjectLayer.push(['setConsents', { tcStringV1: '' }]);
}
}
}, [394]);
}

The first part of the snippet defines a JavaScript function called loadAudienceProjectMeasurementScript This function loads the publisher script in either ”standard mode” or “anonymous mode”, depending on the arguments it receives.

The next piece of code first checks if a CMP was found on the page. If a CMP was found, then the script checks if purposes 1 and 9 are given. If these purposes are not given, the loadAudienceProjectMeasurementScript function is invoked in “anonymous mode”.

Otherwise, the loadAudienceProjectMeasurementScript function is invoked in “normal mode”.

The code is configured to automatically respond to changes in user consent. By default, it uses hardcoded consent string for “anonymous mode”. It will automatically enable “standard mode” as soon as the user consents to purposes 1 and 9, in this case hardcoded consent string will be set to empty.

Publisher with dynamic cookie consent platform, but no TCF 2.2 (or equivalent) platform

This guide contains the technical implementation details required to work with ‘option 3’ in this guide.

Note that the implementation in this document does not work when a TCF 2.2 API is present on the page. When working with a TCF 2.2 CMP, please use the guide “TCF 2.2 platform (or equivalent) - Additional logic for loading SAK on websites”.

Description of the consent flow

Cookie-consent is collected from the user arriving on the website or read from a previous engagement.

If consent is granted, the Publisher script will execute with full permission to perform analytics data collection. The data points sent to AP will be enriched with a hardcoded permission string to ensure the data point only is used according to Media Metric defined purposes.

If there is no cookie consent granted, a special flag will be set when the Publisher script is invoked to ensure we still collect the impression / pageview information, but without being able to read and/or write cookies/identifiers to the user’s device.

Implementation directly on website

How to load the publisher script depending on provided consent

If the consent status is present on the page and the user consented to measurement, then load the script as you normally do (including the hardcoded consent string). See the onboarding documentation for detailed instructions on how to do this.

If the consent status is not present on the page, or if the user did not consent to measurement, then the publisher script should be loaded in “anonymous mode”.

Technically, this means that:

  • The publisher script should be loaded from the dnt-userreport.com domain.

  • The publisher script should be initialized with the setAnonymousTracking flag.

This can be achieved using the following JavaScript snippet:

function loadAudienceProjectMeasurementScript(publisherId, options) {
options = options || {};
window.audienceProjectLayer = window.audienceProjectLayer || [];

if (options.anonymousTracking !== undefined) {
window.audienceProjectLayer.push(['setAnonymousTracking', options.anonymousTracking]);
}

if (options.consentString !== undefined) {
window.audienceProjectLayer.push(['setConsents', { tcStringV1: options.consentString }]);
}

var scriptDomain = options.anonymousTracking ? 'sak.dnt-userreport.com' : 'sak.userreport.com';
var scriptUrl = 'https://' + scriptDomain + '/' + encodeURIComponent(publisherId) + '/launcher.js';

var script = document.createElement('script');
script.src = scriptUrl;
script.async = true;
document.head.append(script);
}

var publisherId = '%publisherId%';

loadAudienceProjectMeasurementScript(publisherId, {
anonymousTracking: true,
});

The first piece of the snippet defines a JavaScript function called loadAudienceProjectMeasurementScript. This function loads the publisher script in either ”standard mode” or “anonymous mode”, depending on the arguments it receives.

The final piece of the snippet calls the loadAudienceProjectMeasurementScript function with the following options:

  • Anonymous tracking enabled

  • The hardcoded consent disabled - this is typically required when running anonymous mode.

Disabling “anonymous mode” once consent is given

Once the user explicitly consents to measurement, the publisher script’s “anonymous mode” must be disabled in order to ensure good quality reporting. This can be achieved using the following code snippet, which disables anonymous mode and uses the hardcoded consent string:

window.audienceProjectLayer.push(["setAnonymousTracking", false]);

window.audienceProjectLayer.push(["setConsents", { tcStringV1: "BOv_CmhOv_CmhAAABBENDAiAAAAYqABAMUA" }]);

Validating the implementation

You can verify your consent implementation by following the guide How to check and verify your website implementation

Did this answer your question?