Privacy and Consent Handling in Live Connect Hub

Consent Collected from the web

The privacy settings in type Consent:

1. GDPR/TCF

• Source: TCF API (window.__tcfapi) or TCF frame (__tcfapiLocator)

• Data: gdprApplies flag + tcString consent string

2. US Privacy (CCPA)

• Source: USP API (window.__uspapi) or USP frame (__uspapiLocator)

• Data: uspString consent string

3. GPP

• Source: GPP API (window.__gpp) or GPP frame (__gppLocator)

• Data: gppString + applicableSections array of numbers

4. forcedPrivacyMode

• Source: StandardClientConfig or DistributorClientConfigWithoutVarName

• Data: boolean

  

Consent Loading Flow

• Privacy mode is triggered when (in order):

1. forcedPrivacyMode is true

2. GDPR applies (gdprApplies: true)

3. GPP section array has 2 (EU TCF v2) inside
   (CCPA is collected but not used to decide inPrivacyMode)

Privacy Mode Effects

When in privacy mode, the system implements strict data protection:

Storage Blocking

• Storage Handler: Switches to BlockedStorageHandler

• All Storage Operations: Throw BlockedByConsentError

• Operations Blocked:

• Cookie reading/writing

• LocalStorage access

• Cookie deletion

• All storage operations are completely blocked to protect user privacy.

Data Collection Blocking

• Call Handler: Switches to BlockedCallHandler

• All Call Operations: Throw BlockedByConsentError

• Operations Blocked:

• Identity resolution requests (/idex/ endpoints)

• Data collection requests (/j/ endpoints)

• Any other ajax calls to LiveIntent services

• Tracking pixels (/p/ endpoints)

• Sync container pixels

• Any image-based tracking requests

• When BlockedCallHandler is active, all network communication is completely blocked - no AJAX requests, no pixel tracking, no data collection. This ensures complete privacy protection by preventing any data from leaving the user's browser when privacy consent is not given or when in privacy mode.

Consent Transmission

Consent data is transmitted to downstream services via URL parameters:

Sync Container (IDaaS) URLs (src/sync-container.ts)

• us_privacy: US Privacy consent string

• gpp_s: GPP consent string

• gpp_as: GPP applicable sections

• example: https://i.liadm.com/sync-container?us_privacy=1YNY&gpp_s=DBABT~1YNN&gpp_as=5,7

• Athena table: "auto_logs"."idaas_track_log"

Identity Resolution (Idres) URLs (src/idex.ts)

• gdpr: GDPR applies flag (1/0)

• gdpr_consent: GDPR consent string

• us_privacy: US Privacy consent string

• gpp_s: GPP consent string

• gpp_as: GPP applicable sections

• example: https://idx.liadm.com/idex/unknown/any?duid=123&cd=.liveintent.com&gdpr=1&gdpr_consent=abcABC123&us_privacy=1---&gpp_s=DBABJg~BVoAAJg.QA&gpp_as=10

Pixel (LivePixel) URLs (src/pixel-url.ts)

• us_privacy: US Privacy consent string

• gdpr: GDPR applies flag (1/0)

• gdpr_consent: GDPR consent string

• gpp_s: GPP consent string

• gpp_as: GPP applicable sections

• example: https://rp.liadm.com/j?gdpr=1&gdpr_consent=CPXxRfAPXxRfAAHABBENCuCsAP_AAH_AAAwIHf&us_privacy=1YNN&gpp_s=DBABMA~CPXxRfAPXxRfAAHABBE&gpp_as=2%2C7