Passing GDPR consent to 3rd Party adserving & measurement Vendor

[sunnypav]

Our DSP uses Third-party ad serving is an approach where Advertisers utilise services of a third party vendor to generate ad tags and share across those ad tags to DSP. DSP stores and serves an ad tag (tag = snippet of HTML or VAST URL) in place of the ad.

Currently our DSP hosts a proxy adserver which loads the 3rd party ad tag along with that we add our own measurement and 3rd party measurement/verification related partner scripts/trackers.

We are planning to have our proxy adserver URLs as the adrenderURL out of generateBid() function. As adrender URLs needed to be k-anonymous i couldn't find a way to pass the information such as GDPR consent back to ad-serving vendor and other partners in iframe or fenced frame based ad-rendering. I could see only size related macros being supported on adrenderURL, are there any plans to support macros for passing consent based strings as part of adrender URL. There is a way to pass via registerAdBeacon, reportEvent and registerAdMacro but these are suitable for our use case.

Please let us know your thoughts on the same.

[sunnypav]

https://developers.google.com/authorized-buyers/rtb/protected-audience-api#after_in-browser_auction

I do see GDPR related macros in the GAM documentation but no mention of these macros anywhere in the API explainer.

[michaelkleber]

This functionality is supported using the deprecatedReplaceInURN macro replacement API. See #286 (comment) for more history and details.

[sunnypav]

Is there any place where it is documented about this function ? Couldn't really understand how someone can use it. I feel the Fledge proposals are not getting updated with these changes making it hard to find out the required info at one place.

Also, its said in the comment that this function won't outlast cookie deprecation, in that case how one pass the required GDPR consent to the ad-rendering ? Also, its not clear who should call this API and which player in the auction flow supplies the GDPR consent information for these macros.

[michaelkleber]

On the contrary, what we said in that comment is that "we will continue to support deprecatedReplaceInURN until at least 2026."

You're quite right that this material needs better documentation. As I mentioned on that issue a few months ago, at one point we were hesitant to spec things with short intended lifespans, but at this point we need to accept that these will be around for a while. You can see how to use the existing API in this comment, but we should write it more clearly in the explainer and spec.

[dmdabbs]

Suggest adding a 'supported until' note on https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/feature-status. There's already a callout for navigator.deprecatedURNToURL().

[michaelkleber]

@sunnypav The in-progress spec for our implementation is over in the Fenced Frame spec:

https://wicg.github.io/fenced-frame/#dom-navigator-deprecatedreplaceinurn

[thegreatfatzby]

Want to give a very big +1 to getting a "formal" statement in the google feature status page that deprecatedReplaceInURN will not go away until at least 2026 (the deprecatedURNtoURL blue note says it goes away with 3PCD). This can help resolve, or at least make better, quite a few issues being publicly discussed in the last few weeks regarding medium term support of current use cases.

[dmdabbs]

I created a request for this 'supported until' note over at the fenced frames repo where deprecatedReplaceInURN is specified.
WICG/fenced-frame#143

[dmdabbs]

There is now a formal feature encompassing deprecatedReplaceInURN:
Protected Audience: Split up large trusted signals fetches & deprectedReplaceInURN via auction config