On March 4, 2020 at approximately 8AM EST, a code change appears to have been deployed by third party CMP provider Cookiebot. The bugged code produced incorrect (opt-out) consent strings. The bug did not affect the user's actual consent settings.
The consent string was inverted for opt-in vs opt-out. I.e. User's who had not opted out of marketing data were marked as being opted out (1YYY) and vice-versa. Specifications.
Looking at the code here:
We see from the Cookiebot documentation under "Properties" that consent.marketing should be true if the current users have accepted marketing cookie. According to the IAB standards, 'Y' means the user has opted out, 'N' means the user has not opted out, the opposite of what is being set above.
Please sign in to leave a comment.