ATS

2. Provide a Valid Consent String

Suggest Edits

Based on the user's location, ATS Envelope API may require a standardized consent string. A consent string is an encoded string that encapsulates a user’s consent choices regarding the processing of their personal information.

Make sure you have a proper Consent Management Platform (CMP) in place that can provide a valid consent string so you can successfully retrieve an Identity Envelope. If a user is located in a country that is outside of the EU/EEA and is not the U.S., ATS Envelope API will successfully return an envelope without the need for a consent string. There are three major privacy regulations that you should pay attention to.

  • GDPR: The General Data Protection Regulation (GDPR) is a "regulation in EU law on data protection and privacy in the European Union and the European Economic Area". If a user is located in an EU (or EEA, in some cases) country, consent is required.
  • State-level GPP: The US State-level Regulation (GPP) is "a state statute intended to enhance privacy rights and consumer protection for residents of the United States".
  • CCPA (soon to be deprecated BY IAB): The California Consumer Privacy Act (CCPA) is "a state statute intended to enhance privacy rights and consumer protection for residents of California, United States".

For Users in the EU/EEA (GDPR)

When calling the Envelope API for users in the EU/EEA, you will need to supply a valid TCF v2.2 compatible consent string. See an example of a valid TCF v2.2 consent string below:

CPSzMzJPTeGtxADABCENB_CoAP_AAEJAAAAADGwBAAGABPADCAY0BjYAgADAAngBhAMaAAA.YAAAAAAAA4AA

LiveRamp will check if the following requirements are present in the consent string:

  • LiveRamp is listed as a vendor (ID 97)
  • Positive consent signal (true) for TCF purposes 1 to 10, special purposes 1 and 2, and features 1 and 2.

You can decode a TCFv2.2 consent string to check if it contains the required values using IAB's TC string decoder.

If a user revokes their consent, we suggest that you remove the identity envelope from configured storage.

For Users in the U.S. (GPP and CCPA)

When calling the Envelope API for users in the US, ATS accepts consent strings in conjunction with the Global Privacy Platform (GPP). During this initial rollout of the GPP, the CCPA framework can still be used.

CCPA

ATS will take an approach of "soft" enforcement to the CCPA Privacy String. If a user in the U.S. declines consent, in which case a negative string will be given, ATS API will respect the settings. See an example of a CCPA consent string below.

1YNN

GPP

While the GPP consent string is not a requirement during this time, we strongly recommend that you implement this protocol as soon as possible as it will become the new industry standard for conveying opt-in consent through the ad tech ecosystem in the U.S.. See the examples of a GPP and CCPA consent string below: 

DBABLA~BVQqAAAAAAA

LiveRamp expects the following values in the consent string:

  • SharingNotice, SaleOptOutNotice, SharingOptOutNotice, TargetedAdvertisingOptOutNotice: 1
  • SensitiveDataProcessingOptOutNotice, SensitiveDataLimitUseNotice: 0 or 1
  • SensitiveDataProcessing, KnownChildSensitiveDataConsents: 0
  • SaleOptOut, SharingOptOut, TargetedAdvertisingOptOut: 2
  • PersonalDataConsents: 0 or 2

Y​ou can check whether a GPP string contains the required values using IAB's GPP string decoder.

If a user revokes their consent, we suggest that you remove the Identity Envelope from the configured storage.

For Users in Other Countries

When calling the Envelope API for users in all other countries (outside of the EU/EEA and not the U.S.), ATS Envelope API will successfully return an envelope without the need for a consent signal.

Updated 16 days ago

What’s Next