Overview Prebid.js Prebid Mobile Ad Ops Prebid Video Prebid Server Formats Support Tools Prebid Identity

Prebid Privacy Resources

Overview
Regional Privacy References
Global Privacy References
- Chrome Privacy Sandbox
Further Reading

Overview

Important: This resource should not be construed as legal advice and Prebid.org makes no guarantees about compliance with any law or regulation. Please note that because every company and its collection, use, and storage of personal data is different, you should seek independent legal advice relating to obligations under your regional regulations, including the GDPR, the ePrivacy Directive and individual country/province/state laws. Only a lawyer can provide you with legal advice specifically tailored to your situation. Nothing in this guide is intended to provide you with, or should be used as a substitute for, legal advice tailored to your business.

Prebid has many tools that can be utilized to help publishers and app developers achieve the data privacy goals defined by their legal teams. We cannot help you decide what to do, but this page will help you understand the tools that various Prebid products offer in support of user privacy.

Regional Privacy References

United States

To support the complicated US landscape for privacy regulations, the IAB developed the “Global Privacy Protocol” (GPP) and technical protocols for the US as a whole and for each state that has privacy regulations.

Prebid.js support for GPP - GPP is just a container that can hold specific regional protocols.
Prebid US Compliance Support - if you do business in the United States, you should talk to your lawyers about whether Prebid’s US Compliance modules would be useful in helping to achieve your company’s privacy policies.

The ‘US Privacy’ approach has been deprecated by both the IAB and Prebid.

The IAB’s original “US Privacy” standard was designed for the California rules known as CCPA or CPRA.

Europe

The privacy tools that Prebid has built in support of European rules may help address the requirements of the GDPR and the Digital Services Act.

The IAB defined the Transparency and Consent Framework (TCF) to address European GDPR rules. Prebid support for TCF is described:

Canada

Please see Prebid’s support for Quebec privacy law 25.

Global Privacy References

Chrome Privacy Sandbox

Privacy Sandbox is the name the Chrome browser has given to a series of features aimed at smoothing the transition off the 3rd party cookie.

Topics

At a high level, the “Topics” feature is Chrome’s way of defining a taxonomy of information that can be used for ad targeting. See Chrome Topics for details.

There’s actually nothing to do to enable Topics in Prebid.js – bidders will receive their own Topics if they’ve implemented that feature. That said, Prebid.js does have a Topics FPD Module that allows bidders to share each other’s Topics.

Prebid Server supports reading the Topics headers and inserting them into the OpenRTB at user.data.

Protected Audience API

PAAPI (also called PAA) is Chrome’s solution for ad targeting done in a privacy-friendly way. In short, GAM will kick off an in-browser auction after the contextual auction. If the in-browser auction wins, it can override the ad chosen by GAM.

See Chrome’s PAAPI documentation for the full background.

To enable Interest Group bidding in Prebid, you can add the Prebid PAAPI For GPT Module.

Note that ‘FLEDGE’ was the original name of the Protected Audience feature. The name of the Prebid.js module may change in the future.

Prebid.js and the PAA Test Period

During the first part of 2024, Chrome and GAM are running a test of PAAPI on a limited subset of traffic. However, the PAAPI For GPT Module enables Interest Group auctions 100% of the time. During the test period, publishers can better align browser and programmatic ad behavior by only enabling Prebid interest group bids for the relevant Chrome testing labels.

If you want to gather interest group bids only when InterestGroup (IG) auctions are very likely to run, you can enable the module like this:

Promise.resolve(navigator.cookieDeprecationLabel?.getValue?.()).then(label => {
    pbjs.setConfig({
        paapi: {
            enabled: !label || label.startsWith("treatment_") || label === 'label_only_5'
        }
    });
});

If you want to gather interest group bids whenever when IG auctions might run, you can enable the module like this:

Promise.resolve(navigator.cookieDeprecationLabel?.getValue?.()).then(label => {
    pbjs.setConfig({
        paapi: {
            enabled: !label || label.startsWith("treatment_") || label != 'label_only_1'
        }
    });
});

Prebid Server and the PAA Test Period

Chrome sets “cookie-deprecation” labels to let the ecosystem know whether the current request is enabled for IG auctions and whether 3rd party cookies are active.

Prebid Server reads the HTTP header set by Chrome and copies the value to the OpenRTB at device.ext.cdep.

Prebid.js Versions Supporting Privacy Sandbox

This table may be useful to publishers trying to decide which version of Prebid.js to use to support Privacy Sandbox.

Prebid.js Version	Notes
8.22	Makes Prebid FPD available to the PAAPI generateBid, scoreAds, and reportResult functions
8.15	Added floor signal to the paapiForGpt module
8.9	Initial release of the paapiForGpt module, Sec-Browsing-Topics header enabled
8.8	The topicsFpd module is released, allowing bidders to share topics

Prebid Server Versions Supporting Privacy Sandbox

PBS-Go Version	Notes
0.239.0	Basic passthrough support

PBS-Java Version	Notes
2.11	Topics and Test Labels
1.111	Basic passthrough support