Refine COPPA, align to Activity Controls. Preserve device.geo.{country,region,utcoffset} #3304

Open
mwang-sticky opened this issue Nov 17, 2023 · 12 comments

Comments

@mwang-sticky
Contributor

No description provided.

@bretg bretg changed the title Is that possible to disable coppa restrictions by configuration like gdpr/ccpa/lmt? Feature request: disable coppa restrictions by configuration like gdpr/ccpa Nov 17, 2023
@bretg
Contributor

bretg commented Nov 17, 2023

Honestly this sounds like a pretty bad idea, but it's your lawyers. I'll help you by defining a feature which you can then build and submit as an open source contribution.

  1. PBS can support an optional host- and account level config privacy.coppa.enabled
  2. If privacy.coppa.enabled is false, all COPPA checks are skipped. The default is true.
  3. As long as we're doing this, a warning should be placed in the debug output when ext.prebid.trace is defined (both basic and verbose) in either case. e.g. "IP address being rounded due to COPPA flag" or "IP address rounding skipped in COPPA environment due to the feature being disabled."

(Update: it's been decided COPPA enablement isn't needed at this point - updating to pass the country/region is sufficient)

@bretg
Contributor

bretg commented Nov 17, 2023

@mwang-sticky - we discussed this in committee and would like to understand your use case in more detail.

@mwang-sticky
Contributor Author

mwang-sticky commented Nov 20, 2023

@bretg Thanks for your interpretation.
As an ad server or SSP, we have removed some personal data (ip/zipcode/lat/lon/user) according to our lawyer's requirements. But we still pass geo.country; if we remove geo.country, the request will be considered IVT and blocked, so I am asking whether there is any configuration to change the default behavior if coppa=1.
I will test the account-level configuration, thanks.

@bretg
Contributor

bretg commented Nov 20, 2023

@mwang-sticky - COPPA processing should not be removing device.geo.country. That's not happening in PBS-Java. If it's happening in PBS-Go, it's a bug.

However, it might be removing user.geo.country along with everything else in the user object. Is there a reason you need to have the data in user rather than device?

@mwang-sticky
Contributor Author

I use PBS-Go, and the country we are using is device.geo.country; we don't support user.geo now.
If regs.coppa=1, the auction request is

"device": {
    "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
    "geo": {
        "country": "US",
        "type": 2
    },
    "language": "en",
    "ip": "97.116.103.1",
    "devicetype": 2,
    "dnt": 0,
    "os": "windows",
    "js": 1
},

and the oRTB request to the SSP looks like

"device":{"geo":{},"dnt":0,"ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36","ip":"97.116.103.0","devicetype":2,"os":"windows","js":1,"language":"en"}

Do you mean this is a bug in PBS-Go?

@mwang-sticky
Contributor Author

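I think this is the related code:

// Call site: the scrub runs when either LMT or COPPA applies.
if lmt || coppa {
	privacy.ScrubDeviceIDsIPsUserDemoExt(reqWrapper, ipConf, "eids", coppa)
}

// Selection between full and partial geo scrubbing.
if scrubFullGeo {
	scrubGeoFull(reqWrapper)
} else {
	scrubGEO(reqWrapper)
}

// scrubGeoFull replaces user.geo and device.geo with empty objects,
// which drops country along with every other geo field.
func scrubGeoFull(reqWrapper *openrtb_ext.RequestWrapper) {
	if reqWrapper.User != nil && reqWrapper.User.Geo != nil {
		reqWrapper.User.Geo = &openrtb2.Geo{}
	}
	if reqWrapper.Device != nil && reqWrapper.Device.Geo != nil {
		reqWrapper.Device.Geo = &openrtb2.Geo{}
	}
}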

@bretg
Contributor

bretg commented Nov 20, 2023

Here's a proposal on geo field anonymization scenarios:

  • lat/lng rounded off to 2 digits
  • ip and ipv6 rounded per rules at IPv6 Support #1332
  • country, region are ok - they're broad in nature
  • remove metro, city and zip as they're potentially usable in fingerprinting

@mwang-sticky
Contributor Author

@bretg Do you mean that PBS-Go will support keeping the broad device.geo.country and device.geo.region if coppa=1 in the future?

@bretg
Contributor

bretg commented Nov 21, 2023

I'm going to propose that to legal counsel and to the committee. If they agree, then yes.

@bretg
Contributor

bretg commented Jan 26, 2024

Spoke with Prebid's legal counsel. She agreed that Prebid Server could reasonably preserve device.geo.country, device.geo.region, and device.geo.utcoffset.

Updated the details in the Activity Control table prebid/prebid.github.io#5106

@bretg bretg changed the title Feature request: disable coppa restrictions by configuration like gdpr/ccpa Preserve device.geo.{country,region} Jan 26, 2024
@bretg
Contributor

bretg commented Jan 26, 2024

Discussed:

  • Update COPPA to logically be treated as if transmitUfpd, transmitEids, and transmitPreciseGeo Activities are disallowed.
  • Refine transmitPreciseGeo to "device.geo latitude, longitude, and IP address are rounded off. Specifically, lat and long are truncated to two decimal places, IPv4 masks rightmost 8 bits, IPv6 masks the rightmost bits based on a configured value. Device.geo.{country,region,utcoffset} are preserved, but device.geo.{metro,city,zip,ipservice,ext} are removed."
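
The refined transmitPreciseGeo rule above, sketched in Go as an added example (not PBS-Go's code and not part of the original thread). The Geo and Device structs, scrubPreciseGeo and the ipv6KeepBits parameter are hypothetical stand-ins for the openrtb2 types and the configured IPv6 value; the scrubbed Geo is built from an allow-list, so any field the rule does not name as preserved is dropped by omission.

```go
package main

import (
	"fmt"
	"math"
	"net"
)

// Geo and Device are hypothetical stand-ins for the OpenRTB objects.
type Geo struct {
	Lat, Lon             float64
	Country, Region      string
	Metro, City, Zip     string
	UTCOffset, IPService int
	Ext                  []byte
}
type Device struct {
	IP, IPv6 string
	Geo      *Geo
}

func trunc2(v float64) float64 { return math.Trunc(v*100) / 100 } // truncate, not round

// maskIP zeroes all but the leftmost keepBits; an unparseable address yields "".
func maskIP(ip string, keepBits, totalBits int) string {
	masked := net.ParseIP(ip).Mask(net.CIDRMask(keepBits, totalBits))
	if len(masked) == 0 {
		return ""
	}
	return masked.String()
}

// scrubPreciseGeo applies the rule in place. ipv6KeepBits is an assumed name for
// the configured IPv6 value; the new Geo copies only the preserved fields.
func scrubPreciseGeo(d *Device, ipv6KeepBits int) {
	d.IP = maskIP(d.IP, 24, 32) // IPv4: mask the rightmost 8 bits
	d.IPv6 = maskIP(d.IPv6, ipv6KeepBits, 128)
	if g := d.Geo; g != nil {
		d.Geo = &Geo{Lat: trunc2(g.Lat), Lon: trunc2(g.Lon),
			Country: g.Country, Region: g.Region, UTCOffset: g.UTCOffset}
	}
}

func main() {
	// Constructed sample; the IPv4 address is the one from the request in this thread.
	d := &Device{IP: "97.116.103.1", Geo: &Geo{Lat: 44.9778, Lon: -93.265, Country: "US", City: "Minneapolis"}}
	scrubPreciseGeo(d, 56)
	fmt.Printf("%q %+v\n", d.IP, *d.Geo)
}
```
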

@bretg bretg added the PBS 3.0 label Jan 26, 2024
@bretg bretg changed the title Preserve device.geo.{country,region} Refine COPPA, align to Activity Controls. Preserve device.geo.{country,region} Jan 26, 2024
@bretg
Contributor

bretg commented Mar 12, 2024

Seems like COPPA should also disallow syncUser and transmitEids.

@bretg bretg changed the title Refine COPPA, align to Activity Controls. Preserve device.geo.{country,region} Refine COPPA, align to Activity Controls. Preserve device.geo.{country,region,utcoffset} Apr 26, 2024
Projects
Status: Ready for Dev
Development

No branches or pull requests

2 participants