User story
As a publisher, I want the system to decode the IAB TCF and GPP consent strings on every incoming request, so that consent status (including withdrawals) is always current and never stale.
Acceptance criteria
Affected area
Core (synthetic IDs, cookies, GDPR), Fastly runtime
Proposed approach
- Extract TCF (
euconsent-v2) and GPP (gpp / gpp_sid) values from the incoming request (cookie or query param, depending on CMP integration).
- Decode TCF v2 string per the IAB TCF spec — extract purpose consents and vendor consents relevant to our vendor ID.
- Decode GPP string per the IAB GPP spec — identify applicable US section and extract opt-out signals.
- Produce a unified consent result (e.g.,
ConsentStatus { has_consent: bool, jurisdiction: EU | UK | US | Unknown }) for downstream use.
- If no string is present or decoding fails, default to
has_consent: false.
Additional context
Sub-issue of #54. Related to #312, PR #380.
TCF = IAB Transparency & Consent Framework (EU).
GPP = Global Privacy Platform (US + multi-jurisdiction).
User story
As a publisher, I want the system to decode the IAB TCF and GPP consent strings on every incoming request, so that consent status (including withdrawals) is always current and never stale.
Acceptance criteria
Affected area
Core (synthetic IDs, cookies, GDPR), Fastly runtime
Proposed approach
euconsent-v2) and GPP (gpp/gpp_sid) values from the incoming request (cookie or query param, depending on CMP integration).ConsentStatus { has_consent: bool, jurisdiction: EU | UK | US | Unknown }) for downstream use.has_consent: false.Additional context
Sub-issue of #54. Related to #312, PR #380.
TCF = IAB Transparency & Consent Framework (EU).
GPP = Global Privacy Platform (US + multi-jurisdiction).