AMP implementation GDPR and CCPA combined

Sourcepoint offers messaging capabilities for multiple regulatory frameworks for your AMP property. These messages are surfaced to your end-users in accordance with the campaigns (and scenarios) that you configure for the AMP property. In this article, we will cover how to implement GDPR TCF or CCPA or both on your AMP property.

Implementation of the combined GDPR & CCPA AMP script relies on the <amp-geo> component, for the relevant article click here.

More information on geo-targeting options can be found on the official AMP documentation page, click here and here.

  Note: Please be advised that the configuration of your AMP property (property, vendor list, messages, etc...) in the Sourcepoint portal needs to follow prescribed guidelines specific to AMP. In addition to this implementation article, please review our AMP configuration guidelines article.


Implementation code snippet for AMP property

In this section, we will cover the various elements that you may find in the GDPR TCF and CCPA implementation code for your AMP property. The GDPR TCF and CCPA implementation code can be divided into three distinct sections:

AMP headers

The following scripts should be copied into the header of the AMP property without modification:

<!-- required for the amp-consent component -->
<script async custom-element="amp-consent" src="https://cdn.ampproject.org/v0/amp-consent-0.1.js"></script>
<!-- required for geo-targeting -->
<script async custom-element="amp-geo" src="https://cdn.ampproject.org/v0/amp-geo-0.1.js"></script>
<!-- required to sync auth_id with publishers domain and Google.com domain -->
<script async custom-element="amp-analytics" src="https://cdn.ampproject.org/v0/amp-analytics-0.1.js"></script>

<amp-analytics> component

The following code should be inserted near the top of the body of the AMP property without modification. This component allows an end-user’s consent selections to persist across AMP pages hosted on a google domain and your organization's domain. 

<amp-analytics type="googleanalytics">
   <script type=application/json>
      {
         "linkers": {   
            "authId": {
               "ids": {
                  "_a":"CLIENT_ID(AMP-CONSENT)"
               },
               "enabled":true,
               "proxyOnly":false
            }
         },
         "cookies": {
            "enabled":true,
            "authId": { 
               "value":"LINKER_PARAM(authId, _a)"
            }
         }
      }
   </script>
</amp-analytics>

<amp-geo> component

The <amp-geo> component allows your organization to define the countries/regions where GDPR TCF and CCPA should apply, respectively. You will need to configure separate ISOCountryGroups for each regulatory framework which will be leveraged later in your <amp-consent> component. 

  Note: Click here for more information on restricting consent collection to specific regions.

<amp-geo layout="nodisplay">
   <script type="application/json">
      {
         "ISOCountryGroups": {
            "eea": ["preset-eea", "unknown"],
            "us": ["us"]
         }
      }
   </script> 
</amp-geo> 

<amp-consent> component

The amp-consent component is where you will include the specific account and property details for your organization. Within the component you will need to update certain placeholders with the correct values.

  Note: Implementing GDPR or CCPA or both regulatory frameworks for your AMP property you will need to utilize the geoOverride parameter within the <amp-consent> component  to leverage your ISOCountryGroups.

General parameters GDPR TCF parameters CCPA parameters
The following parameters should be included in the <amp-consent> component outside of geoOverride:

 

Parameter Description
consentInstanceId

Parameter tells the <amp-consent> component to use Sourcepoint code. This parameter should always be set to sourcepoint.

accountId Replace the {__SP_ACCOUNT_ID__} placeholder with your Sourcepoint account ID.
stageCampaign

A parameter that accepts a boolean value. When set to true, the implementation will display a CCPA or GDPR TCF messaging campaign configured for the stage environment.

propertyHref Property created in the Sourcepoint analytics dashboard that contains the message, scenario, partition set, and campaign.

Replace the {__SP_PROPERTY_HREF__} placeholder with the property name, preceded by the https:// protocol. For example, a property defined as amp.property.tcfv2 in the UI should have a propertyHref value of https://amp.property.tcfv2.
promptUISrc URL that will return the post prompt user interface where end-user's can change their consent.

The path should always be set to https://{CNAME DOMAIN}/amp/unified/index.html?authId=CLIENT_ID&source_url=SOURCE_URL where {CNAME DOMAIN} would be replaced by the CNAME domain record previously created.
<script type="application/json">
   {
      "consentRequired": false,
      "checkConsentHref": false,
      "consentInstanceId": "sourcepoint",
      "postPromptUI": "consent-ui",
      "promptUISrc": "https//{CNAME DOMAIN}/amp/unified/index.html?authId=CLIENT_ID&source_url=SOURCE_URL",
      "clientConfig": {
         "accountId": {__SP_ACCOUNT_ID__},
         "propertyHref": {__SP_PROPERTY_HREF__},
         "stageCampaign": false 
      },
      "geoOverride": {
         "eea": {
            "consentRequired": "remote",
            "checkConsentHref": "https://{CNAME DOMAIN}/wrapper/tcfv2/v1/amp-v2?authId=CLIENT_ID",
            "clientConfig": {
               "pmTab": "purposes",
               "privacyManagerId": [[ privacy manager ID]]
            }
         },
         "us": {
            "consentRequired": "remote",
            "checkConsentHref": "https://{CNAME DOMAIN}/wrapper/ccpa/amp-v2?authId=CLIENT_ID",
            "clientConfig": {
               "isCCPA": true,
               "privacyManagerId": [[ privacy manager ID]]
            }
         }
      }
   }
</script>

Implementation code example

The following is a code example using a property from a demo account and the default domain from Sourcepoint.

<!doctype html>
<html amp lang="en">
   <head>
      <meta charset="utf-8">
      <title>Hello AMPs</title>
      <script async src="https://cdn.ampproject.org/v0.js"></script>
      <!-- required for the amp-consent component -->
      <script async custom-element="amp-consent" src="https://cdn.ampproject.org/v0/amp-consent-0.1.js"></script>
      <!-- required for geo-targeting -->
      <script async custom-element="amp-geo" src="https://cdn.ampproject.org/v0/amp-geo-0.1.js"></script>
      <!-- required to sync auth_id with publishers domain and Google.com domain --> 
      <script async custom-element="amp-analytics" src="https://cdn.ampproject.org/v0/amp-analytics-0.1.js"></script>
   </head>
   <body>
      <h1>Welcome to the mobile web CCPA & GDPR</h1>  
      <amp-analytics type="googleanalytics">
         <script type=application/json> 
            {
               "linkers": {
                  "authId": {
                     "ids": {
                        "_a":"CLIENT_ID(AMP-CONSENT)"
                     },
                     "enabled":true,
                     "proxyOnly":false
                  }
               },
               "cookies": {
                  "enabled":true,
                  "authId": { 
                     "value":"LINKER_PARAM(authId, _a)"
                  }
               }
            }
         </script>
      </amp-analytics>
      <amp-geo layout="nodisplay">
         <script type="application/json">
            {
               "ISOCountryGroups": {
                  "eea": ["preset-eea", "unknown"],
                  "us": ["us"]
               }
            }
         </script>
      </amp-geo>
      <amp-consent id='consent' layout='nodisplay' type='SourcePoint'>
         <script type="application/json">
            {
               "consentRequired": false,
               "checkConsentHref": false,
               "consentInstanceId": "sourcepoint",
               "promptUISrc": "https://cdn.privacy-mgmt.com/amp/unified/index.html?authId=CLIENT_ID&source_url=SOURCE_URL",
               "clientConfig": {
                  "accountId": 1732,
                  "propertyHref": "https://amp.newscriptdemo.com",
                  "stageCampaign": false
               },
               "geoOverride": {
                  "eea": {
                     "consentRequired": "remote",
                     "checkConsentHref": "https://cdn.privacy-mgmt.com/wrapper/tcfv2/v1/amp-v2?authId=CLIENT_ID",                                          
                     "postPromptUI": "eea-consent-ui",
                     "clientConfig": {                        
                        "privacyManagerId": 547514,                       
                        "pmTab": "purposes"                        
                     }
                  },
                  "us": {
                     "consentRequired": "remote",
                     "checkConsentHref": "https://cdn.privacy-mgmt.com/wrapper/ccpa/amp-v2?authId=CLIENT_ID",
                     "postPromptUI": "us-consent-ui",
                     "clientConfig": {
                        "isCCPA": true,
                        "privacyManagerId": 548950
                     }
                  }
               }
            }
         </script>
      </amp-consent>
      <div id="eea-consent-ui">
         <button on="tap:consent.prompt(consent=SourcePoint)">Privacy Settings</button>
      </div>
      <div id="us-consent-ui">
         <button on="tap:consent.prompt(consent=SourcePoint)">Do not sell my personal information</button>
      </div>
   </body>
</html>
Was this article helpful?
0 out of 0 found this helpful