About Display & Video 360 and bidding on personalized ads inventory in compliance with the GDPR

To comply with the General Data Protection Regulation (GDPR), Display & Video 360 restricts its usage of user data on inventory identified as GDPR traffic and on inventory in the EEA, the UK, and Switzerland with no indication of GDPR applicability (collectively referred to as ‘GDPR Inventory’ in this article).

Bid on personalized and non-personalized ads

GDPR restrictions fall into three tiers that affect how advertisers' campaigns may bid on inventory:

• Limited ads: This disables the collection, sharing, and use of personal data for ads personalization and other features that require the use of a local identifier. For more information on Limited ads see here.
• Non-personalized ads: User data and local storage is used for non-personalized purposes only. Although non-personalized ads don’t use user identifiers for ad targeting, they do still use user identifiers for purposes like frequency capping and aggregated ad reporting.
• Personalized ads: User data and local storage can be used for personalized ads.

On GDPR Inventory with no indication of user consent, Display & Video 360 applies a Limited ads treatment. However, consent signals within IAB's Transparency & Consent Framework (TCF) can enable a different treatment.

On GDPR Inventory with user consent indicated using TCF, Display & Video 360 will bid on personalized ads when all of the following criteria are met:

• End user grants Google consent to:
  • Store and/or access information on a device (Purpose 1)
  • Create a personalized ads profile (Purpose 3)
  • Select personalized ads (Purpose 4)
• Legitimate interest is established for Google to:
  • Select basic ads (Purpose 2)
  • Measure ad performance (Purpose 7)
  • Apply market research to generate audience insights (Purpose 9)
  • Develop and improve products (Purpose 10)
• The SSP or exchange needs to register for at least one purpose and have obtained a valid legal basis for that purpose.

If the requirements for personalized ads are not met for GDPR Inventory, Display & Video 360 will bid on non-personalized ads when all of the following criteria are met:

• Google has consent to:
  • Store and/or access information on a device (Purpose 1)
• Legitimate interest is established for Google to:
  • Select basic ads (Purpose 2)
  • Measure ad performance (Purpose 7)
  • Apply market research to generate audience insights (Purpose 9)
  • Develop and improve products (Purpose 10)
• The SSP or exchange needs to register for at least one purpose and have obtained a valid legal basis for that purpose.

Using creatives with third-party technologies

Display & Video 360 customers can use creatives that include third-party technologies to provide functionality such as ad serving or independent reporting. Both the customers and the vendors who provide these technologies should respect their EU User Consent Policy obligations. If the vendor uses cookies or other local storage, the vendor will want to determine the end-user's consent, and Display & Video 360 supports macros for customers to configure how consent signals are passed to vendors.

On GDPR Inventory with TCF signals, Display & Video 360 only serves ads with third-party technologies when all vendors meet the following criteria:

• Each vendor who is registered on the IAB Europe TCF Global Vendor List (GVL) needs to register for at least one purpose and have obtained a valid legal basis for that purpose.
• Each vendor who is not registered on the IAB Europe TCF Global Vendor List (GVL) must be included in the Additional Consent signal (passed in OpenRTB as consented_providers_settings).

Macros

Display & Video 360 supports the following macros for passing GDPR-related information via third-party pixels for GDPR Inventory:

• ${GDPR}: 0 or 1, 0 = traffic from a non-GDPR region, 1= traffic from a GDPR region
• ${GDPR_CONSENT_xxxxx} where xxxxx is the numeric Vendor ID of the vendor receiving the TC string: TC string received in bid request.
• addtl_consent=${ADDTL_CONSENT} where ADDTL_CONSENT is a dot-separated list of user-consented Google Ad Tech Provider (ATP) IDs, as described in Additional Consent signal.

Cookie sync

Google supports &gdpr and &gdpr_consent parameters to pass TCF consent information for both in-bound and out-bound cookie sync requests. On requests geolocated to the EEA, the UK, and Switzerland, cookie sync will not operate unless these parameters are included (or a &process_consent=T parameter is included).

For requests with TCF signals, Display & Video 360 will sync cookies with third-party vendors for GDPR Inventory if all of the following criteria are met:

• Google has consent to:
  • Store and/or access information on a device (Purpose 1)
  • Create a personalized ads profile (Purposes 3)
  • Select personalized ads (Purposes 4)
• Legitimate interest is established for Google to:
  • Select basic ads (Purpose 2)
  • Measure ad performance (Purpose 7)
  • Apply market research to generate audience insights (Purpose 9)
  • Develop and improve products (Purpose 10)
• The vendor must register for purpose 1 under "consent" AND the user must have granted consent for that vendor.
• For purposes 3 and 4, each vendor must be consented by the user for purposes 3 and 4. If vendors choose to register for purposes 3 and 4 under "Not Used" they are not required to obtain consent for those purposes.