Skip to main content

CCPA uspapi returning incorrect consent string

Shane Landry
  • Edited

On March 4, 2020 at approximately 8AM EST, a code change appears to have been deployed by third party CMP provider Cookiebot. The bugged code produced incorrect (opt-out) consent strings. The bug did not affect the user's actual consent settings. 

The consent string was inverted for opt-in vs opt-out. I.e. User's who had not opted out of marketing data were marked as being opted out (1YYY) and vice-versa. Specifications.

Looking at the code here:

CookieConsent&&CookieConsent.consent.marketing?a+="Y":a+="N"

We see from the Cookiebot documentation under "Properties" that consent.marketing should be true if the current users have accepted marketing cookie.  According to the IAB standards, 'Y' means the user has opted out, 'N' means the user has not opted out, the opposite of what is being set above.

2

Comments

1 comment

Date Votes
  • Official comment
    Jacob Buch

    Hi Shane,
    The logical error you describe has been confirmed and fixed. It was introduced with the support of IAB CCPA framework using USP API on March 4, 2020. Thank you for making us aware of this!

Please sign in to leave a comment.

Didn't find what you were looking for?

New post