Best practices: Determine U.S. Multi-State Privacy (National) consent status

  Note: Currently, we advise against using the gpp library to retrieve consent statuses for internal purposes as we anticipate future updates that may cause breaking changes to your implementations.  

In this article, we will cover the necessary configurations to check the consent status of a privacy choice for a property using a U.S. Multi-State Privacy (National) vendor list. The step-by-step guide in this article is just one way by which your organization can check consent for a privacy choice and to use that status to load your vendors. 

 Example

For the example used in this article, we have a subset of vendors who solely rely on consent to the Sale or Sharing of Personal Information / Targeted Advertising privacy choice (systemId: 3) to load.

Additionally, we have a subset of vendors who only require consent to certain sensitive data privacy choices: Genetic Data (systemId: 9) and Biometric Data (systemId: 10) to load. 

Your organization's use case may differ from the example (e.g. you might be using different privacy choices or may not have a need for sensitive data at all). The functions and checks have been appropriately named to help you decide which functions to implement. We strongly recommend reviewing our systemId reference guide as you configure your functions to determine which privacy choices need to be checked for consent before loading any vendor code. 


Define function(s) to initialize vendor code

First, your organization will need to define the functions that will load your vendors and which will be called when the required consent is granted for your specified privacy choices. 

function initAllVendors() {
    initSellOrShareVendors();
    initSensitiveDataVendors();
    console.log("initializing all vendors");
}

function initSellOrShareVendors(){
    //call vendors code below
    console.log("initializing sell or share vendor...")
}

function initSensitiveDataVendors(){
    //call vendors code below
    console.log("initializing sensitive data vendor...")
}

Define function to check consent status

Once you have defined the function(s) to call your vendors you will need to define a function that will check the consent status for the pertinent privacy choices and whose status will determine whether your initialize vendor code function(s) are called.

  Note: Refer to the systemId reference guide for a mapping of systemId to privacy choice name. If your use case requires consent for a custom privacy choice to load vendors, please contact your Sourcepoint representative to retrieve the ID for the custom privacy choice. 

function checkConsent(consents,status){
    //Check if the status of the request was successful
    if(status){
        for(key in consents.categories){
            var categoryConsent = consents.categories[key]
            if(categoryConsent.consented === true){
                //check for sale or share consent
                if(categoryConsent.systemId ==3){
                    console.log('Consent for Sale or Sharing of Personal Information / Targeted Advertising found');
                    initSellOrShareVendors();
                }
                //check for sensitive data consent
                if(categoryConsent.systemId == 9 && categoryConsent.systemId == 10){
                    console.log('Consent for Genetic Data and Biometric data found');
                    initSensitiveDataVendors();
                }
            }
        }
    }
}

Execute getUserConsent command 

With your functions defined in your project, you just need to determine whether your U.S. Multi-State Privacy (National) campaign applies to the end-user (i.e. the end-user's location is in your vendor list's framework territories) and build out logic that decides whether the end-user's consent statuses need to be checked.

Within your Sourcepoint client configuration script, navigate to the onConsentReady event callback and add logic to check whether the info.applies is true (whether the end-user is located in a framework territory).

info.applies Logic
true

The end-user is located in a framework territory for U.S. Multi-State Privacy.

Execute getUserConsent command and call function to check consent.

false

The end-user is not located in a framework territory for U.S. Multi-State Privacy.

Call function to load all vendors (initAllVendors) since no consent check needed. 

onConsentReady: function(message_type, consentUUID, euconsent, info) {
  //check to see if US Multi-State Privacy applies
  if(info.applies === true){
    console.log('U.S. Multi-State Privacy applies. Check consent object.');
    window._sp_.usnat.getUserConsents((consents, status)=checkConsent(consents, status));
  }
  //if info.applies is false then initialize all vendors
  else{
    initAllVendors();
  }
}

Example

Please find a full example below:

<!DOCTYPE html> 
<html
  <titleDEMO</title> 
  <head
    <script>
window.__gpp_addFrame=function(e){if(!window.frames[e])if(document.body){var t=document.createElement("iframe");t.style.cssText="display:none",t.name=e,document.body.appendChild(t)}else window.setTimeout(window.__gpp_addFrame,10,e)},window.__gpp_stub=function(){var e=arguments;if(__gpp.queue=__gpp.queue||[],__gpp.events=__gpp.events||[],!e.length||1==e.length&&"queue"==e[0])return __gpp.queue;if(1==e.length&&"events"==e[0])return __gpp.events;var t=e[0],p=e.length1?e[1]:null,s=e.length2?e[2]:null;if("ping"===t)p({gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}},!0);else if("addEventListener"===t){"lastId"in __gpp||(__gpp.lastId=0),__gpp.lastId++;var n=__gpp.lastId;__gpp.events.push({id:n,callback:p,parameter:s}),p({eventName:"listenerRegistered",listenerId:n,data:!0,pingData:{gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}}},!0)}else if("removeEventListener"===t){for(var a=!1,i=0;i<__gpp.events.length;i++)if(__gpp.events[i].id==s){__gpp.events.splice(i,1),a=!0;break}p({eventName:"listenerRemoved",listenerId:s,data:a,pingData:{gppVersion:"1.1",cmpStatus:"stub",cmpDisplayStatus:"hidden",signalStatus:"not ready",supportedAPIs:["2:tcfeuv2","5:tcfcav1","6:uspv1","7:usnat","8:usca","9:usva","10:usco","11:usut","12:usct"],cmpId:0,sectionList:[],applicableSections:[],gppString:"",parsedSections:{}}},!0)}else"hasSection"===t?p(!1,!0):"getSection"===t||"getField"===t?p(null,!0):__gpp.queue.push([].slice.apply(e))},window.__gpp_msghandler=function(e){var t="string"==typeof e.data;try{var p=t?JSON.parse(e.data):e.data}catch(e){p=null}if("object"==typeof p&&null!==p&&"__gppCall"in p){var s=p.__gppCall;window.__gpp(s.command,(function(p,n){var a={__gppReturn:{returnValue:p,success:n,callId:s.callId}};e.source.postMessage(t?JSON.stringify(a):a,"*")}),"parameter"in s?s.parameter:null,"version"in s?s.version:"1.1")}},"__gpp"in window&&"function"==typeof window.__gpp||(window.__gpp=window.__gpp_stub,window.addEventListener("message",window.__gpp_msghandler,!1),window.__gpp_addFrame("__gppLocator"));
</script>
    <script>
      window._sp_queue = [];
      window._sp_ = {
        config: {
          accountId: 1584,
          baseEndpoint: "https://cdn.privacy-mgmt.com",
          usnat: {},
          propertyHref: "https://checkconsentUSP.com",
          events: {
            onMessageReady: function () {
              console.log("[event] onMessageReady", arguments);
            },
            onMessageReceiveData: function () {
              console.log("[event] onMessageReceiveData", arguments);
            },
            onSPPMObjectReady: function () {
              console.log("[event] onSPPMObjectReady", arguments);
            },
            onSPReady: function () {
              console.log("[event] onSPReady", arguments);
            },
            onError: function () {
              console.log("[event] onError", arguments);
            },
            onMessageChoiceSelect: function () {
              console.log("[event] onMessageChoiceSelect", arguments);
            },
            onConsentReady: function (
              message_type,
              consentUUID,
              euconsent,
              info
            ) {
              //check to see if US Multi-State Privacy applies
              if (info.applies === true) {
                console.log(
                  "U.S. Multi-State Privacy applies. Check consent object."
                );
                window._sp_.usnat.getUserConsents((consents, status) =
                  checkConsent(consents, status)
                );
              }
              //if info.applies is false then initalize all vendors
              else {
                initAllVendors();
              }
            },
            onPrivacyManagerAction: function () {
              console.log("[event] onPrivacyManagerAction", arguments);
            },
            onPMCancel: function () {
              console.log("[event] onPMCancel", arguments);
            },
          },
        },
      };
    </script>
    <script>
      src="https://cdn.privacy-mgmt.com/unified/wrapperMessagingWithoutDetection.js"
      async
    </script>
  </head> 

  <body> 
    <script>
      function checkConsent(consents, status) {
        //Check if the status of the request was successful
        if (status) {
          for (key in consents.categories) {
            var categoryConsent = consents.categories[key];
            if (categoryConsent.consented === true) {
              //check for sale or share consent
              if (categoryConsent.systemId == 3) {
                console.log(
                  "Consent for Sale or Sharing of Personal Information / Targeted Advertising found"
                );
                initSellOrShareVendors();
              }
              //check for sensitive data consent
              if (
                categoryConsent.systemId == 9 &&
                categoryConsent.systemId == 10
              ) {
                console.log(
                  "Consent for Genetic Data and Biometric data found"
                );
                initSensitiveDataVendors();
              }
            }
          }
        }
      }

      function initAllVendors() {
        initSellOrShareVendors();
        initSensitiveDataVendors();
      }

      function initSellOrShareVendors() {
        //call vendor's code below
        console.log("initializing sell or share vendor...");
      }

      function initSensitiveDataVendors() {
        //call vendor's code below
        console.log("initializing sensitive data vendor...");
      }
    </script>
  </body> 
</html> 


Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.