|
Overview
The Children's Online Privacy Protection Act ("COPPA") is a U.S. federal law that was passed in 1998 and has been in effect since April 2000. COPPA regulates the collection of personal information from children under the age of 13 by online services including websites, mobile apps and advertising services. Under COPPA, personal information is considered anything that can be used to track a child across sites, apps or devices. This includes persistent identifiers (e.g. cookies, device IDs, etc.), full IP addresses, full user agents, precise geo-location, etc. COPPA prohibits behavior advertising, retargeting and user-profiling. In OpenRTB bid requests, there is a 'COPPA' flag in the "regs" object. This flag is set to true ("1") by the upstream publisher or SSP before the bid request is sent to downstream DSPs and buyers.
Beeswax has amended our privacy framework to ensure bid requests that represent children under the age of 13 are processed in a COPPA compliant manner. This allows for 'kids-safe' advertising to happen on the Beeswax platform.
Beeswax COPPA Behavior
Bid Request
When Beeswax receives a bid request with the COPPA flag set to true, the PII will be obfuscated or truncated on the bid request, and a number of features will be restricted or prohibited. These features are listed below:
- Audience Targeting and Retargeting: Any user targeting based on PII is not allowed for COPPA compliant traffic. Contextual targeting is allowed.
- Precise Geo Targeting: Lat / Long, IP address or Zip+4 targeting is not allowed.
- Macros: Use of device/user or precise geo macros will be prohibited.
- Logs and Reporting: PII values will be obfuscated or truncated in logs and reporting. See below for more details.
COPPA Compliant Traffic
For clients using BaaS, it may be declared whether or not to receive COPPA compliant traffic to your bidder. The three options for this configuration are:
This configuration will be set at the Bidder level in Beekeeper. Please reach out to your Beeswax account team for more information. |
- DROP: No COPPA traffic will be sent to your bidder. This is the default setting for all bidders.
- COMPLY_FOR_COPPA: COPPA flagged traffic will be sent to your bidder. There will be no change to how non-COPPA flagged bid requests are processed.
- COMPLY_FOR_ALL: COPPA flagged traffic will be sent to your bidder. All bid requests, regardless of the COPPA flag, will be treated as COPPA compliant.
OpenRTB Field Changes when using COPPA
To ensure the Beeswax platform is completely compliant when processing COPPA requests, certain fields that are commonly used in OpenRTB are considered “Personal Data”. In order to protect this data from being used or transferred outside of the Beeswax service, certain changes are made to fields when passed in macros, bidding agent requests, augmentor requests, and log files. Specifically, for requests subject to GDPR handling without user consent, the following fields will be affected:
Restricted Fields in Log Files
| Raw Log Field Name | Proto Field Name | COPPA Handling |
|---|---|---|
| platform_device_ifa | Device.ifa | blank |
| platform_device_idfa | Device.idfa | blank |
| platform_device_didmd5 | Device.didmd5 | blank |
| platform_device_didsha1 | Device.didsha1 | blank |
| platform_device_dpidmd5 | Device.dpidmd5 | blank |
| platform_device_dpidsha1 | Device.dpidsha1 | blank |
| user_id | N/A | blank |
| geo_lat | Device.lat | truncated to 3 decimal places |
| geo_long | Device.long | truncated to 3 decimal places |
| ua | Device.ua | blank |
| ip_address | Device.ip | truncated to 3 octets |
| ipv6_address | Device.ipv6 | truncated to 6 octets |
| inventory_source_user_id | User.id | blank |
These fields will be impacted when the request is subject to COPPA Compliance handling. Truncating geo_lat and geo_long reduces their accuracy to approximately 100 meters. |
Changes to Macro Values
In addition to the fields listed above, the following fields will be restricted in macros:
| Macro | GDPR Handling |
|---|---|
| {{USER_ID}} | Blank |
| {{IOS_ID}} | Blank |
| {{ANDROID_ID}} | Blank |
| {{LAT}} | Truncated to 3 decimal places |
| {{LONG}} | Truncated to 3 decimal places |
| {{USER_AGENT}} | Blank |
| {{IP_ADDRESS}} | Truncated to first 3 octets |
| {{IP_ADDRESS_IPV6}} | Truncated to first 6 octets |
| {{AGE}} | Blank |
| {{GENDER}} | Blank |
| {{LIVERAMP_IDL}} | Blank |