About IAB’s USP Compliance Framework
Unlike IAB Europe's TCF framework, IAB’s USP Compliance Framework is enabled by default when Cookiebot (uc.js) is loaded, so there is no need to set any special attributes to enable it.
If you wish to use the IAB USP Framework with Cookiebot, however, you'll need to sign IAB's Multi-State Privacy Agreement.
IAB USP Compliance Framework has three main components to it:
- An agreement that publishers (websites) must inform Californian consumers about their rights at the point of data collection, as well as offering a means of opting out.
This means:
- Inform which categories of personal information are being collected
- Request permission for disclosure to third parties of collected personal information
- Allow deletion of collected information
- Include a "Do Not Sell My Personal Information" link on their digital properties
How does it work?
You can "ask" the __uspapi stub for consent information. The stub has three parameters:
__uspapi(Command, Version, Callback)
Argument Name | Type | Value |
command | string | 'getUSPData' |
version | number | US Privacy spec version |
callback | function | function(uspData: uspdata, success: boolean) |
Here is an example of how to view the content of the uspData object:
__uspapi('getUSPData', 1, (uspData, success) => {
  if (success)
    console.log('cmp response: ', JSON.stringify(uspData));
});
uspData is a JSON object with the following format:
{
  "version": 1,
  "uspString": "1YNY"
}
"version" is a number, indicating the US Privacy spec version, currently 1.
"uspString" is a string, built up as follows:
Character | Value | Explanation |
1st | 1 | US Privacy spec version |
2nd | Y / N | Explicit notice / Opportunity to opt out |
3rd | Y / N | User opted out of sale of personal information |
4th | Y / N | Publisher is a signatory to the IAB Limited Service Provider Agreement |
For users where CCPA doesn't apply, the string's value will always be "1---".
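The string layout in the table above can be decoded as follows. This is an added example, not Cookiebot's or IAB's own code: the names parseUspString and mustTreatAsOptedOut, the returned field names, and the fail-closed policy (anything unreadable counts as an opt-out) are assumptions made for illustration.

```javascript
// Added example: decode a US Privacy string as laid out in the table above.
// All names here are illustrative and not part of Cookiebot's API.
const FLAG = { Y: true, N: false, '-': null }; // '-' = not applicable

function parseUspString(uspString) {
  // Exactly four characters: version "1" followed by three flags.
  // Accepting '-' in a single position is an assumption; the page only
  // documents it in the all-dash form "1---".
  if (typeof uspString !== 'string' || !/^1[YN-]{3}$/.test(uspString)) {
    return null; // malformed string or unsupported spec version
  }
  const [, notice, optOut, lspa] = uspString;
  return {
    version: Number(uspString[0]),
    ccpaApplies: uspString !== '1---',
    noticeGiven: FLAG[notice],      // 2nd character
    optedOutOfSale: FLAG[optOut],   // 3rd character
    lspaSignatory: FLAG[lspa],      // 4th character
  };
}

// Assumed conservative policy: treat the visitor as opted out unless the
// string clearly says otherwise.
function mustTreatAsOptedOut(uspString) {
  const usp = parseUspString(uspString);
  if (usp === null) return true;             // unreadable: fail closed
  if (!usp.ccpaApplies) return false;        // "1---": CCPA does not apply
  if (usp.noticeGiven !== true) return true; // no notice / opt-out offered
  return usp.optedOutOfSale !== false;       // 'Y' or '-' counts as opt-out
}
```

Pass the uspString field of the uspData object received in the __uspapi callback to these functions.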
The visitor's consent state must be established before querying __uspapi for a consent string. If a consent string is fetched before the Cookiebot script has established the visitor's consent state it will be assumed that CCPA applies. This ensures ads are not served without prior consent. We recommend fetching the consent string after the CookiebotOnConsentReady event is dispatched by the Cookiebot script.
Here is an example of how this can be done:
window.addEventListener('CookiebotOnConsentReady', (e) => {
  __uspapi('getUSPData', 1, (uspData, success) => {
    if (success)
      console.log('cmp response: ', JSON.stringify(uspData));
  });
}, false);