Vendors without any purposes

Question

Vendors without any purposes

jedlikk opened this issue 2 months ago · 7 comments

Version
1.5.13

Module (core, cmpapi, cli, stub, or testing)
Core

Describe with reproduction steps – What is the expected behavior?
Hello, wanted to ask about expected behaviour and potentially report a bug.
We have for example this vendor (ID: 279), that doesn't have any purposes, but do have special purposes and legitimate interest. LegInt works normally, but when trying to save normal consent for this vendor, it's not being included in TcString. I use function tcModel.vendorConsents.set(), pass this array as value:
[279], and get this tcstring: CQCQqgAQCQqgAF-feBENAXEgAAAAAAAAAB5YAAAAAAAA.YAAAAAAAAAAA, by using this function TCString.encode(tcModel);

I saw some people reporting that it's expected behaviour and vendors without purposes should be ignored, but here https://www.uniconsent.com/ and here https://iabtcf.com/#/encode they are being saved into TCstring. So i'm super confused.

So my question is:
How should we treat and handle vendors without purposes, but only with special purposes? Should we have toggle for users to opt-in/out? But if so, how could we implement it into TCstring if it's being ignored during encoding?

Answer 1 · 2024-07-24T19:02:17.000Z

The IAB vendor 279 does not have any consent legal basis purposes, so it is not possible to enable or disable this vendor with consent legal basis. It has legitimate interest purposes and in this case the Vendor Legitimate Interest status will work for this vendor, and the vendor will appears in this vector in tcModel. The special purposes is LIs but "No right-to-object to processing under legitimate interests via the Framework." based on IAB TCF Policy and there is not any way to collect / save user choice for special purposes

Answer 2 · 2024-07-25T08:09:33.000Z

The IAB vendor 279 does not have any consent legal basis purposes, so it is not possible to enable or disable this vendor with consent legal basis. It has legitimate interest purposes and in this case the Vendor Legitimate Interest status will work for this vendor, and the vendor will appears in this vector in tcModel. The special purposes is LIs but "No right-to-object to processing under legitimate interests via the Framework." based on IAB TCF Policy and there is not any way to collect / save user choice for special purposes

Thank you for your answer, so another question. How does encoder and this cmp (https://www.uniconsent.com/) managed to save it as both Legitimate Interest and normal consent?
CQCT9cAQCT9cABEADBPLA-FoAP_gAEPgAAwIH7NV_G__bXln-X716ftkeY1f9_h7rsQxBhfJs-4FyLvW_JwX32EzNE36pqYKmRIAu3bBIQNtHIjUTUChaogVrTDsak2MoTNKJ6BkiHMRe2dYCF5vmwlD-QKZ5vr_93d52R_t_dr-3dzyz5Vnv3a9_-b1WJidK58tH_v_bROb-IwP2ar-N-2vLP8v3r0_bI8xq_7_D3XYhiDC-TZ9wLkXet-TgvvsJmaJv1TUwVMiQBdu2CQgbaORGomoFC1RArWmHY1JsZQmaUT0DJEOYi9s6wELzfNhKH8gUzzfX_7u7zsj_b-7X9u7nlnyrPfu17_83qsTE6Vz5aP_f-2ic39-RgAA

Answer 3 · 2024-07-25T08:30:44.000Z

Thank you for your answer, so another question. How does encoder and this cmp (https://www.uniconsent.com/) managed to save it as both Legitimate Interest and normal consent?
CQCT9cAQCT9cABEADBPLA-FoAP_gAEPgAAwIH7NV_G__bXln-X716ftkeY1f9_h7rsQxBhfJs-4FyLvW_JwX32EzNE36pqYKmRIAu3bBIQNtHIjUTUChaogVrTDsak2MoTNKJ6BkiHMRe2dYCF5vmwlD-QKZ5vr_93d52R_t_dr-3dzyz5Vnv3a9_-b1WJidK58tH_v_bROb-IwP2ar-N-2vLP8v3r0_bI8xq_7_D3XYhiDC-TZ9wLkXet-TgvvsJmaJv1TUwVMiQBdu2CQgbaORGomoFC1RArWmHY1JsZQmaUT0DJEOYi9s6wELzfNhKH8gUzzfX_7u7zsj_b-7X9u7nlnyrPfu17_83qsTE6Vz5aP_f-2ic39-RgAA
The format of the string is not correct, so it's difficult to say what is inside

Answer 4 · 2024-07-25T08:32:50.000Z

Thank you for your answer, so another question. How does encoder and this cmp (https://www.uniconsent.com/) managed to save it as both Legitimate Interest and normal consent?
CQCT9cAQCT9cABEADBPLA-FoAP_gAEPgAAwIH7NV_G__bXln-X716ftkeY1f9_h7rsQxBhfJs-4FyLvW_JwX32EzNE36pqYKmRIAu3bBIQNtHIjUTUChaogVrTDsak2MoTNKJ6BkiHMRe2dYCF5vmwlD-QKZ5vr_93d52R_t_dr-3dzyz5Vnv3a9_-b1WJidK58tH_v_bROb-IwP2ar-N-2vLP8v3r0_bI8xq_7_D3XYhiDC-TZ9wLkXet-TgvvsJmaJv1TUwVMiQBdu2CQgbaORGomoFC1RArWmHY1JsZQmaUT0DJEOYi9s6wELzfNhKH8gUzzfX_7u7zsj_b-7X9u7nlnyrPfu17_83qsTE6Vz5aP_f-2ic39-RgAA
The format of the string is not correct, so it's difficult to say what is inside

Sorry, mistake in pasting:

CQCT9cAQCT9cABEADBPLA-FoAP_gAEPgAAwIH7NV_G__bXln-X716ftkeY1f9_h7rsQxBhfJs-4FyLvW_JwX32EzNE36pqYKmRIAu3bBIQNtHIjUTUChaogVrTDsak2MoTNKJ6BkiHMRe2dYCF5vmwlD-QKZ5vr_93d52R_t_dr-3dzyz5Vnv3a9_-b1WJidK58tH_v_bROb-_IwP2ar-N_-2vLP8v3r0_bI8xq_7_D3XYhiDC-TZ9wLkXet-TgvvsJmaJv1TUwVMiQBdu2CQgbaORGomoFC1RArWmHY1JsZQmaUT0DJEOYi9s6wELzfNhKH8gUzzfX_7u7zsj_b-7X9u7nlnyrPfu17_83qsTE6Vz5aP_f-2ic39-RgAA

Answer 5 · 2024-07-25T08:44:00.000Z

Sorry, mistake in pasting:

I think they use tcModel.vendorConsents.set(279); that did not check any constraints and as result the generated sting is not correct from regulation (policy) point of view.

Answer 6 · 2024-07-25T08:59:23.000Z

Sorry, mistake in pasting:

I think they use tcModel.vendorConsents.set(279); that did not check any constraints and as result the generated sting is not correct from regulation (policy) point of view.

I tried it that way and still can't see,

but good to know that's not my mistake and that's just the way it's supposed to be. Thanks for your answers.

Answer 7 · 2024-08-23T21:02:29.000Z

We reviewed this in the TCF compliance team. It is possible for vendors do not declare any purposes but only special purposes. The behavior of the library is correct. The CMP that you list, if it allows to set purposes for vendors that are not exposing purposes, is not compliant with the TCF policy. This would need to be fixed by the CMP.