Merge branch 'master' into master

prebid · Jun 21, 2024 · d0c618d · d0c618d
2 parents dfb47b8 + 5d154ab
commit d0c618d
Show file tree

Hide file tree

Showing 11 changed files with 43 additions and 42 deletions.
diff --git a/_data/sidebar.yml b/_data/sidebar.yml
@@ -1801,7 +1801,7 @@
   subgroup: 1
 
 - sbSecId: 7
-  title: Prebid and MSPA
+  title: Prebid US Compliance
   link: /features/mspa-usnat.html
   isHeader: 0
   isSectionHeader: 0

diff --git a/dev-docs/bidders/ringieraxelspringer.md b/dev-docs/bidders/ringieraxelspringer.md
@@ -25,8 +25,6 @@ coppa_supported: false
 usp_supported: false
 ---
 
-
-
 ### Bid Params
 
 {: .table .table-bordered .table-striped }

diff --git a/dev-docs/bidders/smaato.md b/dev-docs/bidders/smaato.md
@@ -275,7 +275,7 @@ Following example includes sample `imp` object with publisherId and adSlot which
          },
          "ext":{
             "smaato":{
-               "publisherId":"100042525",
+               "publisherId":"1100042525",
                "adspaceId":"130563103"
             }
          }

diff --git a/dev-docs/modules/gppControl_usnat.md b/dev-docs/modules/gppControl_usnat.md
@@ -21,7 +21,7 @@ sidebarType : 1
 
 ## Overview
 
-This consent management control module is designed to support the [Global Privacy Platform](https://iabtechlab.com/gpp/) Section 7 string, USNat. For more Prebid-related background, see [Prebid MSPA Support](/features/mspa-usnat.html). In sum, the USNat string is intended to unify various state laws into a single privacy string, with participants' behavior governed by the IAB's ([MSPA](https://www.iabprivacy.com/#)). It is intended to complement, not replace, the GPP consent management module, which gathers GPP consent strings and makes them available to vendor integrations. The goal is to gather sensible and conservative [activity controls](/dev-docs/activity-controls.html) for elements of Prebid.js given various expressions of the [USNat consent string](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/blob/main/Sections/US-National/IAB%20Privacy%E2%80%99s%20National%20Privacy%20Technical%20Specification.md).
+This consent management control module is designed to support the [Global Privacy Platform](https://iabtechlab.com/gpp/) Section 7 string, USNat. For more Prebid-related background, see [Prebid US Compliance Support](/features/mspa-usnat.html). In sum, the USNat string is intended to unify various state laws into a single privacy string, with participants' behavior governed by the IAB's ([MSPA](https://www.iabprivacy.com/#)). It is intended to complement, not replace, the GPP consent management module, which gathers GPP consent strings and makes them available to vendor integrations. The goal is to gather sensible and conservative [activity controls](/dev-docs/activity-controls.html) for elements of Prebid.js given various expressions of the [USNat consent string](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/blob/main/Sections/US-National/IAB%20Privacy%E2%80%99s%20National%20Privacy%20Technical%20Specification.md).
 
 This module does not support any other GPP section id or local GPP api. For US state section see the [GPP Control - US State module](/dev-docs/modules/gppControl_usstates.html). In order to control activities in a section without a control module, publishers can express their controls directly in the syntax of the [activity control infrastructure](/dev-docs/activity-controls.html). If a publisher wants finer control over section 7 implications on Prebid.js behavior than this module provides (eg not invalidating certain strings), they are able to achieve that using the activity control syntax as an alternative to this module.
 
@@ -47,7 +47,7 @@ You can also use the [Prebid.js Download](/download.html) page.
 - [IAB Global Privacy Platform Full Specification Repository](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform)
 - [IAB Global Privacy Platform CMP API Specification](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/blob/main/Core/CMP%20API%20Specification.md)
 - [IAB Global Privacy Platform USNat string Specification](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/blob/main/Sections/US-National/IAB%20Privacy%E2%80%99s%20National%20Privacy%20Technical%20Specification.md)
-- [Prebid MSPA Support](/features/mspa-usnat.html)
+- [Prebid US Compliance Support](/features/mspa-usnat.html)
 - [Prebid Activity Controls](/dev-docs/activity-controls.html)
 - [Prebid Consent Management - US Privacy Module](/dev-docs/modules/consentManagementUsp.html)
 - [Prebid Consent Management - GPP Module](/dev-docs/modules/consentManagementGpp.html)

diff --git a/dev-docs/modules/gppControl_usstates.md b/dev-docs/modules/gppControl_usstates.md
@@ -22,7 +22,7 @@ sidebarType : 1
 ## Overview
 
 This consent management control module is designed to support the [Global Privacy Platform](https://iabtechlab.com/gpp/) US state strings, [GPP sections](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/blob/main/Sections/Section%20Information.md) 8 through 12.
-It works by translating them into an equivalent US national string as detailed in [Interpreting USNat strings](/features/mspa-usnat.html#interpreting-usnat-strings), and using it to apply the same [activity restricitons](/features/mspa-usnat.html#usnat-activity-restrictions).
+It works by translating them into an equivalent US national string as detailed in [Interpreting USNat strings](/features/mspa-usnat.html#interpreting-usnat-strings), and using it to apply the same [activity restrictions](/features/mspa-usnat.html#usnat-activity-restrictions).
 
 {: .alert.alert-warning :}
 Prebid functionality created to address regulatory requirements does not replace each party's responsibility to determine its own legal obligations and comply with all applicable laws. **We recommend consulting with your legal counsel before determining how to utilize these features in support of your overall privacy approach. This module is not intended to replace other consent modules; it supplements them.**
@@ -118,7 +118,7 @@ You can also use the [Prebid.js Download](/download.html) page.
 - [IAB Global Privacy Platform Full Specification Repository](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform)
 - [IAB Global Privacy Platform CMP API Specification](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/blob/main/Core/CMP%20API%20Specification.md)
 - [IAB Global Privacy Platform USNat string Specification](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/blob/main/Sections/US-National/IAB%20Privacy%E2%80%99s%20National%20Privacy%20Technical%20Specification.md)
-- [Prebid MSPA Support](/features/mspa-usnat.html)
+- [Prebid US Compliance Support](/features/mspa-usnat.html)
 - [Prebid Activity Controls](/dev-docs/activity-controls.html)
 - [Prebid Consent Management - US Privacy Module](/dev-docs/modules/consentManagementUsp.html)
 - [Prebid Consent Management - GPP Module](/dev-docs/modules/consentManagementGpp.html)

diff --git a/features/mspa-usnat.md b/features/mspa-usnat.md
@@ -1,11 +1,11 @@
 ---
 layout: page_v2
-title: Prebid MSPA Support
-description: Prebid MSPA Support
+title: Prebid US Compliance Support
+description: Prebid US Compliance Support
 sidebarType: 7
 ---
 
-# Prebid Multi-State Privacy Agreement Support
+# Prebid US Compliance Support
 {: .no_toc}
 
 - TOC
@@ -17,24 +17,27 @@ sidebarType: 7
 
 Starting July 1st 2023, several US states started enforcing new privacy regulations.
 
-The IAB released the "Multi-State Privacy Agreement" (MSPA) as its proposal for how the advertising ecosystem can support these and future US State regulations. References:
+As a result, the IAB released the "Multi-State Privacy Agreement" (MSPA), the Global Privacy Protocol (GPP), and several "sections" of the GPP dedicated to these US states. References:
 
 - [IAB's MSPA](https://www.iab.com/news/multi-state-privacy-agreement-mspa/)
 - IAB Guidance on the [MSPA Decision Tree](https://www.iab.com/wp-content/uploads/2022/12/IAB_MSPA_Decision_Tree.pdf)
 - IAB's [US National technical protocols](https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform/tree/main/Sections)
 
+Prebid refers to GPP Sections 7-12 as "US Compliance", which is distinct from the original [US Privacy](https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/US%20Privacy%20String.md) approach which has been deprecated.
+
 ### Glossary
 
 1. **Global Privacy Platform (GPP)** - A technical IAB framework that defines a container format for communicating multiple privacy protocols. e.g. GPP can contain existing Transparency and Consent Framework (TCF) strings, various US privacy string formats, and other future implementations.
 1. **GPP Section ID (SID)** - the GPP container may contain multiple encoded privacy protocol strings. Each protocol gets its own SID in the overall GPP container. e.g. TCF-EU is assigned SID 2.
-1. **Multi-State Privacy Agreement (MSPA)** - the IAB's contractual framework for publishers to manage various US state privacy laws.
+1. **Multi-State Privacy Agreement (MSPA)** - the IAB's contractual framework for publishers to manage various US state privacy laws. Note that there are high profile companies in the industry that have not signed the MSPA, but are still able to process the IAB's technical protocol to consider user preferences.
 1. **MSPA Covered Transaction** - Whether a given ad auction falls legally under the MSPA's privacy requirements. For MSPA-covered 'transactions' (ad auctions), publishers must declare themselves in one of two modes: "Service Provider Mode" or "Opt-Out Mode".
 1. **MSPA Service Provider Mode** - "Service Provider Mode is for First Parties who do not Sell or Share Personal Information, and do not Process Personal Information for Targeted Advertising". This means that personal information is never sent to downstream entities.
 1. **MSPA Opt-Out Mode** - For First Parties that may engage in targeted advertising activities or disclose personal information for such purposes. This means that user consent is gathered before privacy-sensitive data is sent to downstream entities.
 1. **US National Privacy Technical Specification (USNat)** -  the IAB's technical framework for encoding MSPA publisher policies and user consents. Stored in the GPP container as SID 7.
 1. **US State Privacy Technical Specifications** - the IAB has defined technical frameworks for 5 states based on their interpretation of state privacy laws. These protocols are similar to the US National protocol and are stored in the GPP container as SIDs 8 through 12.
+1. **US Compliance** - the term Prebid uses to encompass both US National Privacy Technical Specification and the US State Privacy Technical Specifications.
 1. **Global Privacy Control (GPC)** - a browser-level control for end users. Some US states have referred to a global control so that users don't have to state their preferences on each website they visit. The USNat protocol strings also contain the GPC flag.
-1. **US Privacy** - this is the IAB's original version of a US privacy protocol, meant to address CCPA only. It's active during a transition period until September 30, 2023.
+1. **US Privacy** - this is the IAB's original, now deprecated, version of a US privacy protocol, meant to address older California laws.
 1. **Prebid Activity Controls** - Prebid.js and Prebid Server have identified a set of behaviors for activities that may be in scope for privacy concerns such as transmitting user IDs. These activities may be allowed or suppressed with flexible conditions and exceptions as defined by the publisher.
     - [Prebid.js Activity Controls](/dev-docs/activity-controls.html) were released with PBJS 7.52
     - [Prebid Server Activity Controls](/prebid-server/features/pbs-activitycontrols.html) were released with PBS-Java 1.118
@@ -50,29 +53,29 @@ Prebid's assumptions about the MSPA and the US National Privacy specification:
 1. For requests that are in-scope for SIDs 7 through 12 that are not "covered" by MSPA, Prebid treats them as being in "Opt-Out Mode". This implies that CMPs have prompted users for consent and encoded the results in the relevant section of the GPP container.
 1. Prebid never changes the GPP string. This means that all downstream vendors will see whatever the CMP set.
 1. Prebid has implemented a default way to interpret the US National string (SID 7) in the context of each Prebid Activity.
-1. US state privacy rules do not mandate the cancellation of contextual advertising, but rather are focused on protecting user privacy. Therefore, Prebid's MSPA module may anonymize different aspects of a header bidding auction, but will never outright cancel an auction.
+1. US state privacy rules do not mandate the cancellation of contextual advertising, but rather are focused on protecting user privacy. Therefore, Prebid's US compliance  modules may anonymize different aspects of a header bidding auction, but will never outright cancel an auction.
 1. There are differences in the US state-level protocols and the US National protocol as defined by the IAB. (e.g. child consent for targeted advertising is somewhat different across SIDs 7 through 12.)
 1. Rather than implementing several very similar modules and forcing publishers to include separate modules for each US state, Prebid handles state differences through a normalization process. The differences for each state are mapped onto the US National (SID 7) string, and that string is interpreted for which activities are allowed or suppressed. As with the rest of Prebid’s approach, this is a default intended to ease publishers’ ability to comply with the state laws, but publishers should make their own determinations about state law obligations and consult legal counsel to ensure that they feel comfortable that this approach allows them to meet their legal obligations.
 1. Publishers that do not agree with Prebid's default behavior may override the behavior. This includes the interpretation of the USNat string as well as the normalization of state protocols.
 1. The Global Privacy Control (GPC) flag is interpreted as a strong user signal that ad requests should be anonymized.
 1. There's no need to support a data-deletion activity for MSPA.
-1. Prebid doesn't need to explicitly support mapping US National Privacy SID 6 (legacy US Privacy) for anonymization activities. This is covered by a feature on Prebid Server where SID 6 is pulled out into regs.us_privacy and is covered by documentation in Prebid.js.
+1. Prebid doesn't need to explicitly support mapping GPP SID 6 (legacy US Privacy) for anonymization activities. This is covered by a feature on Prebid Server where SID 6 is pulled out into regs.us_privacy and is covered by documentation in Prebid.js.
 
-## USNat Support in Prebid Products
+## US Compliance Support in Prebid Products
 
 ### Prebid.js
 
 Here's a summary of the privacy features in Prebid.js that publishers may use to align with the guidance of their legal counsel:
 
 {: .table .table-bordered .table-striped }
-| Prebid.js Version | USNat-Related Features | Notes |
+| Prebid.js Version | US Compliance-Related Features | Notes |
 | ----------------- | ---------------------- | ----- |
 | before 7.30 | None | If you operate in the US, you should consider upgrading. |
-| 7.30-7.51 | **GPP module** | The [GPP module](/dev-docs/modules/consentManagementGpp.html) reads the GPP string from a compliant CMP and passes to compliant bid adapters. Not many bid adapters supported GPP in earlier versions. |
-| 7.52-8.1 | GPP module <br/> **Activity&nbsp;Controls** | [Activity Controls](/dev-docs/activity-controls.html) provide the ability for publishers to allow or restrict certain privacy-sensitive activities for particular bidders and modules. See examples in that document for supporting CCPA directly. |
-| 8.2-8.x | GPP module<br/>Activity Controls<br/>**USNat module** | The [USNat module](/dev-docs/modules/gppControl_usnat.html) processes SID 7. |
-| After 8.x | GPP module<br/>Activity Controls<br/>USNat module<br/>**US&nbsp;State&nbsp;module** | The US State module processes SIDs 8 through 12 after normalizing protocol differences. |
-| After 8.10 | **GPP Module**  | The [GPP module](/dev-docs/modules/consentManagementGpp.html) now understands GPP 1.1 which makes it incompatible with GPP 1.0. Publishers **<u>MUST</u>** upgrade for continued GPP support. |
+| 7.30-7.51 | **Consent&nbsp;Mgmt&nbsp;GPP&nbsp;module** | The [GPP module](/dev-docs/modules/consentManagementGpp.html) reads the GPP string from a compliant CMP and passes to compliant bid adapters. Not many bid adapters supported GPP in earlier versions. |
+| 7.52-8.1 | Consent&nbsp;Mgmt&nbsp;GPP&nbsp;module <br/> **Activity&nbsp;Controls** | [Activity Controls](/dev-docs/activity-controls.html) provide the ability for publishers to allow or restrict certain privacy-sensitive activities for particular bidders and modules. See examples in that document for supporting CCPA directly. |
+| 8.2-8.9 | Consent&nbsp;Mgmt&nbsp;GPP&nbsp;module<br/>Activity Controls<br/>**GPP&nbsp;USNat&nbsp;module** | The [GPP USNat module](/dev-docs/modules/gppControl_usnat.html) processes SID 7. |
+| 8.10+ | Consent&nbsp;Mgmt&nbsp;GPP&nbsp;module<br/>Activity Controls<br/>USNat module<br/>**GPP&nbsp;US&nbsp;State&nbsp;module** | The [GPP US State module](/dev-docs/modules/gppControl_usstates.html) processes SIDs 8 through 12 after normalizing protocol differences. |
+| 8.10+ | **Consent&nbsp;Mgmt&nbsp;GPP&nbsp;module**  | The [GPP module](/dev-docs/modules/consentManagementGpp.html) now understands GPP 1.1 which makes it incompatible with GPP 1.0. Publishers **<u>MUST</u>** upgrade for continued GPP support. |
 
 ### Prebid Server
 

diff --git a/prebid-server/developers/add-a-module.md b/prebid-server/developers/add-a-module.md
@@ -2,7 +2,6 @@
 layout: page_v2
 sidebarType: 5
 title: Prebid Server | Developers | Adding a Module
-
 ---
 
 # Prebid Server - Adding a Module
@@ -11,7 +10,7 @@ title: Prebid Server | Developers | Adding a Module
 This document guides you through the process of developing a module for host companies to plug into their instance of Prebid Server.
 We encourage you to look at existing modules for working examples. You can also ask us questions by [submitting a GitHub issue](https://github.com/prebid/prebid-server/issues/new).
 
-* TOC
+- TOC
 {:toc }
 
 ## Overview
@@ -142,6 +141,7 @@ to the PBS host company. Examples:
 If your module either utilizes or supplies user-level data like User First Party Data or precise geographic information, it must adhere to the framework supplied by the [Activity Controls](/prebid-server/features/pbs-activitycontrols.html).
 
 For instance:
+
 - if your module is going to supply user-level data (e.g. "job title") to bid adapters, it must check permissions for the `enrichUfpd` activity.
 - if your module is going to forward the entire ORTB request to an endpoint, it must check the `transmitUfpd` and `transmitPreciseGeo` activity permissions.
 
@@ -173,7 +173,7 @@ The details of the implementation depend on the platform.
 Other rules for open source PBS pull request:
 
 - Unit test coverage must exceed 90%.
-- A maintainer email address must be provided and be a group, not an individual. e.g. "[email protected] rather than [email protected]
+- A maintainer email address must be provided and be a group, not an individual. e.g. <[email protected]> rather than <[email protected]>
 
 ### 10. Write the Module Documentation
 
@@ -184,7 +184,7 @@ create a file in /prebid-server/pbs-modules. You can start by copying one of the
 - Prerequisites: any necessary account activation, other required modules, etc.
 - Configuration: both init and runtime
 - Analytics Tag support
-- Privacy Support: disclose whether the module has user privacy implications and support for TCF-EU, TCF-CA, CCPA, MSPA, etc.
+- Privacy Support: disclose whether the module has user privacy implications and support for TCF-EU, TCF-CA, CCPA, etc.
 
 ### 11. Submit the Pull Requests