Are GDPR parameters mandatory in Eulerian tracking URLs used for impression tracking?




Context


The General Data Protection Regulation (GDPR) is a European legislation aimed at protecting the personal data of citizens of the European Union.

For digital advertising players, this means that users' explicit consent must be obtained before collecting, processing or using their data for advertising measurement.

This requirement led to the development of consent parameters in ad impression tracking links, thus ensuring compliance with GDPR.


Recommendations and Obligations


YES . Implementation of these consent settings is mandatory.


Managing Consent in Advertising Campaigns


In the context of targeted advertising campaigns, user consent must be obtained before personalized advertisements are displayed.

Advertising buying and selling platforms are responsible for collecting this consent.

Eulerian does not intervene at any time in the mechanics of buying and selling advertising. Eulerian's role is to count the number of impressions delivered for a given campaign.

If a user does not give or withdraws consent, Eulerian will consider that user as having opted-out and will anonymize the data in accordance with GDPR guidelines.

The only appropriate purposes for the Eulerian Client (unless otherwise recommended by the Client’s legal teams) are:

1- Stores and/or accesses information on a terminal
7- Measure ad performance


Implementation Types


There are two main types of GDPR consent settings implementation for tracking links:

    For companies registered as IAB Vendor:
  • These companies comply with the specifications established by the Interactive Advertising Bureau (IAB) Europe, which offers a Consent and Transparency Framework (TCF).
  • The consent settings for these companies use TCF standards, facilitating interoperability between different players in the advertising market.
    For companies that are not registered as an IAB Vendor:
  • These companies must implement a personalized consent system that complies with GDPR requirements.
  • Although not standardized, these implementations must ensure that consent is collected, stored, and respected in a transparent and verifiable manner.


GDPR Consent Settings


For each type of configuration (IAB Vendor and non-IAB Vendor), the consent settings vary but have the common goal of ensuring transparency and respect for user choice.

They typically include information about consent status, the categories of data collected, and the purposes for which it is collected.

Expected values ​​should clearly indicate whether or not the user has consented to each type of data processing.


For IAB Vendors (TCFv2):

  • Consent String: An encoded string that represents the user's consent to the various purposes and data processing by the various actors.
  • Consented Purposes: Identifiers of the purposes for which the user has given consent.
  • See table below


For IAB Non-Vendors (by Category):

  • Custom Consent Settings: See table below

Clé
Valeur (à dynamiser)
Type de tracking
Type de CMP
Description
Exemple
gdpr
${GDPR}
Impression
TCFv2 + by Category
Indicates whether GDPR applies or not
(0=No; 1=Yes; null=Yes)
gdpr_consent
${GDPR_CONSENT_STRING}
Impression
TCFv2
Value of the current TCString. For more information:  https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework 
CP5MlgAP5MlgAAHABBENAkEoAP…
pmcat
${PMCAT}
Impression
by Category
Populate with the ids of the denied categories separated by a ”-“. The ids are available in
Collection/Collection/Privacy Management/Consent Management outside TCFv2
1-7
gdpr_pd
${GDPR_PD}
Impression
TCFv2 + by Category
Indicates if there is personal data in the tracking URL parameters
(0=No; 1=Yes)


Useful tools


Creating and decoding TCF strings:  https://iabtcf.com/#/encode