User Consent - GDPR and CCPA

Owned by Daniel Kojokaro (Unlicensed)
Last updated: Jul 20, 2023
2 min read

Inventory from certain locations is subjected to regulations that affect ad activity.

Specifically, inventory from EEA countries + the UK has to be GDPR compliant, and US-California inventory has to be CCPA compliant.

Most publishers, especially small-medium ones, will use 3rd party consent solutions (Consent Management Platform, or CMP), like Google Funding Choices. These solutions usually identify the user’s location, display the relevant consent prompts, and then mark the user’s status ('CCPA-with consent’, ‘GDPR-no consent’ etc.).

GDPR

The General Data Protection Regulation (GDPR) is a set of legal guidelines “for the collection and processing of personal information from individuals who live in the European Union (EU)”.

GDPR requires an opt-in cookie consent model, i.e. cookies can’t be used on a website to collect the user’s data until the user agreed to it. This is why most websites now prompt EU users to “accept all cookies” when they enter the website.

GDPR and Browsi Video

Browsi supports consent-based targeting options on the advertiser, tag, or publisher levels.

This rules disable requests as long as a European user has no consent flag. The flag will not be present if the domain has no consent solution. As long as the user is prompted for consent, we will send requests. Advertisers can then choose to ignore requests if the user rejected cookies (or is still looking at the prompt and has not yet clicked ‘accept’).

None of this is required by regulation, but cookie-less INV will lead to significantly lower bid rates and CPMs.

CCPA

The California Consumer Privacy Act (CCPA) “gives consumers in California additional rights and protections regarding how businesses may use their personal information”.

CCPA requires an opt-out cookie consent model, i.e. cookies can be used to collect the user’s data by default, but the user has to be able to disable this data collection.

The disclaimers and opt-out options for CCPA are handled by the CMP, who identifies California-based users.

CCPA and Browsi Video

Browsi supports consent-based targeting options on the advertiser, tag, or publisher levels.

This rules disable requests as long as a California user has no consent flag. The flag will not be present if the domain has no consent solution. As long as the user is allowed to opt out of cookie collection, we will send requests. Advertisers can then choose to ignore requests if the user opted out.

None of this is required by regulation, but cookie-less INV will lead to significantly lower bid rates and CPMs. This isn’t as dramatic as with GDPR, since most users will not bother with opting out.