Skip to content

Decode TCF and GPP consent strings on every incoming request #465

Description

@ChristianPavilonis

User story

As a publisher, I want the system to decode the IAB TCF and GPP consent strings on every incoming request, so that consent status (including withdrawals) is always current and never stale.

Acceptance criteria

  • TCF v2 string is parsed and vendor/purpose consent extracted per request
  • GPP string is parsed and US section consent signals extracted per request
  • Decoded consent result is available to SSC gating and revocation logic
  • Handles missing or malformed strings gracefully (treat as no-consent)

Affected area

Core (synthetic IDs, cookies, GDPR), Fastly runtime

Proposed approach

  1. Extract TCF (euconsent-v2) and GPP (gpp / gpp_sid) values from the incoming request (cookie or query param, depending on CMP integration).
  2. Decode TCF v2 string per the IAB TCF spec — extract purpose consents and vendor consents relevant to our vendor ID.
  3. Decode GPP string per the IAB GPP spec — identify applicable US section and extract opt-out signals.
  4. Produce a unified consent result (e.g., ConsentStatus { has_consent: bool, jurisdiction: EU | UK | US | Unknown }) for downstream use.
  5. If no string is present or decoding fails, default to has_consent: false.

Additional context

Sub-issue of #54. Related to #312, PR #380.
TCF = IAB Transparency & Consent Framework (EU).
GPP = Global Privacy Platform (US + multi-jurisdiction).

Metadata

Metadata

Labels

No labels
No labels

Type

Fields

No fields configured for Story.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions