Question: Add in GPP Support

[AaronColbyPrice]

Epsilon team is looking at implementing GPP support in SharedId V2[ the TAM sans Prebid.js implementation]. Currently only GDPR/TCF is supported.

Questions

1. For stakeholders of this project, is this a desirable feature to have. It seems like the industry is moving towards supporting GPP but there is some pushback to rely solely on TCF from some parties (mainly EU interested parties).
2. If we do support GPP, what are the main sections that we should support. GPP is simply a way to encapsulate different privacy strings from various country and state standards. Obviously we would continue to support TCF and could add in new functionality as needed. In our opinion we should probably look at pulling in UsNat then UsState then look at others like Canada + Quebec and beyond.

Design

We looked at doing a direct port from Prebid.js however due to the complexities of the design it does not seem viable as it would mean porting in a lot more code than needed and making the solution more complicated and laborious to maintain.

Instead we plan on using the embedded Shared ID module in Prebid.js as a reference for which activities (Prebid.js method of handling different actions across various privacy frameworks) we need to support and only adding in those to the Shared ID project.

@pycnvr @johnwier @jdwieland8282

[AaronColbyPrice]

@jdwieland8282 We'd love to get your thoughts on this and the impact/relevance it would have to TAM

[jdwieland8282]

Hi @AaronColbyPrice, thanks for your patience. What would support look like in your mind? My sense is that GPP support is a function of a publishers CMP passing a GPP signal, or rather making a GPP signal available, to the page for prebid to add to regs.gpp, which exchanges and DSPs would then react to. Its not clear to me what SharediD needs to do there or if it needs to be involved.

[AaronColbyPrice]

@jdwieland8282 Thanks for your response. The thinking on our side is that we are supporting GDPR/TCF in the SharedID module here to see if we have storage consent:

Shared-id-v2/src/lib/consenthandler/consentHandler.js

Line 56 in fbb270d

hasStorageConsent(callback){

So if GPP is being quickly adopted then perhaps SharedID should support that too. There are a few ways we could look at it.

Pro - GPP:

1. The Pub doesn't necessarily understand what permissions may be required by Shared ID and how to implement them so having GPP support would allow us to pull the GPP string (like we do with TCF) and have out of the box support for it that would be applied the same in all implementations. Right now we check to see if GDPR applies before analyzing the TCF string. This means we only are checking in the EU.

Against GPP:

1. In looking at the Prebid.js implementation they have checks that look at COPPA and disable SharedId. The easier way to do this would be to have Publishers check COPPA themselves in their CMP and disable SharedID rather than just passing that data through. Likewise, they could do the same with whatever GPP data they have and decide if they should enabled SharedID.

Hopefully that helps bring you up to speed on what consent checking we are already doing and what we may need to do going forward. Let me know if you have any other questions.