Skip to main content

Configure Organization and Vendors (GDPR for Web)

Setting up vendor selection is of key importance to your business. Privacy Manager allows you to fully customize the vendor and purpose selection from the Parties tab area in Console.

Note

If you have any questions about vendor selection, email us at support-privacy-manager@liveramp.com.

Caution

Requests to add a new custom vendor will be processed on the last business day of each month. When you submit a request for a custom vendor, LiveRamp will make an update by the end of the month and will inform you once it's completed.

Getting There

To navigate to the Parties tab:

  1. Go to the Privacy Manager GDPR Overview page by selecting Privacy Manager > GDPR from the left navigation menu.

    Screenshot_2022-07-25_at_15_37_54.png
  2. Click the configuration name for the configuration you want to edit.

  3. Select Parties from the left navigation menu.

Configuring Consent Settings for Your Organization

Your organization may need to establish transparency and consent for a set of personal data processing purposes for your own use. For example, a publisher that wants to set a frequency-capping first-party cookie should request user consent for Purpose 1 "Store and/or access information on a device" in jurisdictions where it is required.

Organization consent data are passed in the “Publisher TC segment” in the LR TC String. pubConsent is optional.

The Publisher TC segment in the TC string represents the organization’s own transparency and consent signals, and is separated from the general TC String segments. This segment supports the standard list of purposes defined by the TCF as well as Custom Purposes. Vendors should not rely on the Publisher TC segment unless they're in agreement with the organization to do so.

To enable Organization Consent, check the “Collect consent or claim legitimate interest for my organisation” check box.

You can choose from a variety of IAB TCF purposes and custom purposes for which your organization wants to collect consent or legitimate interest.

You can also lock a custom purpose for a Custom Vendor to cover “functional cookies” use cases. If a custom purpose is locked, the end-user is not able to revoke consent / legitimate interest and thus is considered as 'Always On'.

To configure purposes:

  1. From the Organization section, click Choose Purposes.

    Screenshot_2022-07-26_at_12_11_35.png
  2. If desired, select the appropriate tab for the purpose list you want to choose from:

    Screenshot_2022-07-26_at_12_12_05.png
    • ALL: Contains both the IAB TCF purposes and the custom purposes

    • IAB TCF: Contains only the IAB TCF purposes

    • Custom: Contains only the custom purposes

  3. For each purpose you want to enable:

    1. Check the check box.

    2. If applicable, select the legal ground for the purpose (Consent or Legitimate Interest).

    3. If you want to prevent the end-user from being able to revoke consent for that purpose, check the “Lock purpose” check box.

  4. Once you’re finished selecting all of your desired purposes, click Save.

Configuring Third-Party Vendors

The Vendors area displays your current vendor selections and their respective Purposes, Special Purposes, Custom Purposes, Features, and Special Features.

Caution

Before configuring your third-party vendors, note that the Privacy Manager will disclose the number of third-party vendors you selected on the first layer of the CMP. The second layer of the CMP will also display the number of third-party vendors that are seeking consent (or pursuing data processing purposes on the basis of their legitimate interests) for each purpose.

We recommend contacting your vendors to make sure that they are compliant with the requirements set by TCF V2.2 and are able to provide the following information:

  • Legitimate interest claim

  • Retention period per-purpose

  • Category of data collected

You can select vendors using the following methods:

  • Choose vendors in the UI: You can choose vendors from both the IAB Global Vendor List and the Custom Vendor List

  • Upload vendors: If you want to add many vendors, you can upload a csv file containing all the vendors you want to configure.

Tip

For tips on how to select the right vendors, see the best practices and tips in "General FAQs."

You can choose vendors by selecting from all of the vendors on the IAB Global Vendor List and the Google ATP list, as well as Custom Vendors.

To choose vendors from the vendor list:

  1. From the Vendors section, click Choose Vendors.

    Screenshot_2022-07-26_at_12_47_52.png
  2. If desired, select the appropriate tab for the vendor list options you want to choose from:

    • ALL: Contains all of the vendors from the IAB Global Vendor List (GVL), the Custom Vendor List, and the Google ATP List

    • IAB TCF: Contains all of the vendors from the IAB Global Vendor List. The IDs match the vendor IDs as listed on the IAB Global Vendor List. Note: The contents of this list is updated on a weekly basis.

    • Custom: Contains all of the vendors from the Custom Vendor List and the Google ATP List. The custom vendor IDs start at “10000”, Google ATP vendor IDs start at "20000".

  3. For each vendor you want to enable, check the check box for that vendor.

  4. Once you’re finished selecting all of your desired vendors, click Save.

Note

If a vendor is not on the IAB GVL or on the Custom Vendor List, you can make a request to add it to the Custom Vendor List by making a request through the Messenger in Console. Include the vendor's legal name and the URL for its privacy policy.

Custom vendors can generally be used for disclosure and for providing controls to conditionally load connected tags. Check out "Set up Conditional Firing Using LaunchPad" for more information on using custom vendors in combination with conditional firing. By default a custom vendor is assigned to all IAB purposes and the following custom purposes:

  • Strictly Necessary Cookies

  • Functional

  • Analytics

  • Advertising

  • Social Media* (*only for known social media vendors)

Apply publisher restrictions to control for which purposes you wish to obtain consent for each custom vendor.

Note

Custom Purposes ( i.e. Analytical , Functional , Advertising, Social Media , Direct Marketing and Strictly Necessary Cookies) are only available for Custom Vendors (non-IAB Vendors). At the same time only Custom Purposes can be locked.

If you wish to configure multiple vendors and purpose restrictions simultaneously, you can configure them by uploading a CSV (comma-separated value) file.

  1. Create a .csv file containing all the vendors that you want to configure. Add vendors, and assign purposes and legal basis.

  2. For each vendor you will need to specify the purpose and legal basis for that purpose:

    Vendor ID

    Purposes (Consent)

    Purposes (Legitimate Interest)

    Locked Purpose

    1

    1 2 3 4

    5 6 7

    2 3

    2

    1 2 3

    4 5 6 7

    3

    In a row, vendor id goes in first place, next is purposes separated by a space, then legit interest purposes and lastly whether a purpose should be locked (only applicable for custom purposes on custom vendors).

    • If a purpose is omitted from both purposes as well as legitintPurposes it would infer a restriction “is not allowed”.

    • If a purpose is omitted from purposes, but it is shown under legitintPurposes then it should be shown as legitimate interest purpose

    • If a purpose is omitted from legitintPurposes, but it is shown under purposes then it should be shown as consent purpose.

    Tip

    Click here to download an example .csv file.

  3. Click Upload Vendors.

  4. Select the appropriate .csv file and click Open.

Now all vendors and purposes from the .csv have been added to your vendor selection.

Note

It is only possible to lock a purpose if it’s a custom purpose for a custom vendor. When configuring a locked purpose for a vendor, the purpose to be locked MUST be listed under a legal ground.

Tip

While directly deleting a vendor is not possible, you can remove them by uploading a .csv file that does not contain said vendor.

Example Cases

Here's what happens if an input is submitted that does not align with the IAB vendor list:

Example Vendor id 1 is listed in vendor list for Consent Purposes 1,2,4,7,8,10 and Flexible Purposes 2,4,7,8,10

  • If a .csv is uploaded with "1,1 2,3", a restriction will be added for purposes 4,7 since they are omitted, and it will ignore 3 since it is not in LI for that vendor

  • If a .csv is uploaded with "1,1 2 3 4 5 6 7 8 9 10", no restrictions will be applied, since all purposes for vendor 1 are listed in the vendor list, and 3, 5, 9 will be ignored since they are not listed for vendor id 1.

  • If .csv is uploaded with "10007,1 2 3 26,4,26":

    • Purposes 1,2,3 and 26 will be listed under consent for vendor 10007

    • Purpose 4 will be listed under legitimate interest

    • Purpose 26 will be locked and set to "always on”

What Happens to Existing Vendors When I Upload a .csv?

When a new .csv file with vendors' configuration is uploaded, all of the existing vendors and their configuration will be overridden by the CSV file. Additionally, vendors will be removed if they are not in the csv file that is being uploaded. For example, if vendors 1,2,3 which are already in the configuration are not present in the CSV, they will be removed.

Applying Publisher Restrictions

TCF v2.0 includes Flexible Purposes. It allows vendors to register flexible legal bases, and default legal bases, for example:

  • Purpose 1 – consent

  • Purpose 2 – consent or legitimate interest (default: legitimate interest)

  • Purpose 3 – consent

  • Purpose 4 – consent or legitimate interest (default: consent)

Publishers may use the Publisher controls (also known as Publisher restrictions) in Console to switch from the default legal basis if the vendor allows. The Publisher is also able to disallow a specific purpose from a vendor.

To apply publisher restrictions, use one of the following methods:

  • Use the vendors csv bulk upload functionality

  • Use Console: Click the edit icon in the row for the vendor you want to apply publisher restrictions to.

For each purpose you may choose to override the legal basis using the dropdown menu. The dropdown menu can have the following values:

  • No Restriction: The default legal basis will be used.

  • Not Allowed: Data processing is not allowed under any legal basis and the purpose will not be shown in the Privacy Manager for the organization or vendor.

  • Legitimate Interest: If the purpose is a flexible purpose with “consent” as default legal basis, then selecting “legitimate interest” will override the default legal basis to be legitimate interest. (Only shown for organizations or for vendors in case of a flexible purpose.)

  • Consent: If the purpose is a flexible purpose with “legitimate interest” as default legal basis, then selecting “consent” will override the default legal basis to be consent. (Only shown for organizations or for vendors in case of a flexible purpose.)

A purpose can only be shown under one legal basis.

Restricting Legitimate Interest for all Vendors

In some countries it may be prohibited to use legitimate interest as a legal basis. It may be advised to restrict legitimate interest. The control to restrict legitimate interest for all vendors will switch all flexible purposes from li to Consent and disable the purposes for vendors that claim legitimate interest without a flexible purpose. So in case a vendor claims legitimate interest for a purpose and does not offer it as a flexible purpose, then the purpose will be restricted for that vendor. Please keep in mind that restricting purposes may affect the vendor’s ability to function.

“Special purposes” are exempt from this setting. Special purposes are not listed in the tc string, but they do affect the li state of the vendor. In case a vendor is using a Special Purpose then the vendor’s li state will appear as “true” in the tc string.

  • Special Purpose 1 - Ensure security, prevent fraud, and debug

  • Special Purpose 2 - Technically deliver ads or content

The “Restrict Legitimate Interest for all vendors” setting can be found under “More Options” in the “vendors” section.

Locked Custom Purposes

The publisher restrictions section also provides controls for locked custom purposes. Locked purposes can be used to disclose strictly necessary purposes for vendors without allowing the end user to control the consent state.

In case a vendor is connected to a locked purpose, the end user will no longer be able to control the consent state of either the purpose nor the vendor.

Configuring Disclosures

Use the Disclosure section to control the disclosure of purposes and stacks in the Privacy Manager UI.

See the sections below for an overview of the items in the Disclosures section.

Stacks

Stacks are combinations of Purposes and/or Special Features of processing personal data used by participants in the Framework that may be used to substitute or supplement more granular Purpose and/or Special Feature descriptions in the Privacy Manager. Using stacks you can reduce the amount of purposes and special features that the consumer is confronted with initially.

When a stack is shown in Privacy Manager, the stack description and connected purposes will be shown nested under the stack title.

IAB Stacks

Stack 1, Precise geolocation data, and identification through device scanning covers special features. You can decide to disclose Stack 1 instead of the individual special purposes:

  • Special Feature 1: Use precise geolocation data

  • Special Feature 2: Actively scan device characteristics for identification

Beside stack 1 you are able to choose an additional stack. After clicking on “Choose Stack” a drawer will appear providing an overview of all the available stacks and their connected purposes. Stack 42 which covers all IAB purposes is enabled by default. Any purpose that is not covered by a stack will be shown separately in the Privacy Manager.

Custom Stacks

A custom stack can be used to substitute a custom purpose on the privacy notice. You can create and configure custom stacks in the Content Editor area of the Content tab section.

When creating a new configuration, the custom stack “Functional, Analytics, Advertising (non-IAB vendors) and Social Media cookies” is shown by default. Unlike with IAB stacks, there is no inherent connection between custom stacks and purposes.

Custom Purposes

When a custom vendor is selected that is associated with one or more custom purposes, then they will be shown in the Privacy Manager UI. By default, custom purposes are not shown on the Privacy Notice. Instead the default configuration settings rely on a custom stack. Enable “Disclose custom purposes on Privacy Notice” if you want the custom purposes to be disclosed individually on the Notice.

Reordering Privacy Notice Items

All stacks, purposes, and special features that are disclosed in the Privacy Notice UI (as well as in the Purposes Overview) are listed in the disclosures section. All items can be reordered simply by dragging and dropping.

Note

Purpose 1 is always shown on top in the Purposes Overview.

Note

The option to “Hide the Purposes/ Stacks/ Special Features Disclosure on the Privacy Notice” is only available when you choose to use CMP ID 0 or your own CMP ID.

Specific Jurisdiction Disclosures

Some European countries are not required to obtain consent for storing on- or accessing a device.

Depending on which country you’re operating in, this may be applicable for you.

Privacy Manager supports the functionality to omit purpose 1 from the UI while the PurposeOneTreatment, which is a special element in the consent string supported by the IAB, is set on ‘true’.

When enabling the feature to not disclose purpose 1, please provide the country you’re operating in to ensure that vendors can still handle the consent data accordingly. By default the publisher country code is “AA”. The PublisherCC is only relevant when the value for PurposeOneTreatment is set to “true”.

Always check with your own legal entity to ensure that the country you’re operating in, does support the specific jurisdiction disclosures.

  1. From the Parties tab, scroll down to the Disclosures area.

  2. To enable Stack 1, check the check box for “Select Stack 1 to substitute Special Features."

  3. To choose a different additional IAB stack or to choose a different custom stack:

    1. Click Choose stacks.

    2. Check the check box for the desired stack.

    3. Click Save.

  4. If desired, click on the drag icon to drag a stack or purpose into a new position.

    Note

    Purpose 1 is always shown on top in the Purposes Overview.

  5. If you want the custom purposes to be disclosed individually on the Privacy Notice, check the check box for “Disclose custom purposes on Privacy Notice”.

  6. If you’ve chosen to use CMP ID “0” (or your own CMP ID) and you want to hide the purposes/stacks/special features disclosure, check the check box for “Hide the Purposes/ Stacks/ Special Features Disclosure on the Privacy Notice”.

  7. To omit Purpose 1 from the Privacy Manager UI and set the PurposeOneTreatment to “true” in the TC String, check the check box for “Do not disclose Purpose 1”.

  8. To preview your selections, click Preview.

  9. When you’re ready to publish your changes, click Publish.