Atomx implemented GDPR* support into the Ad Exchange | Atomx now determines whether or not it believes that GDPR is in effect for a given auction. This may be via a signal by our sellers, detecting that the user is located in an EU nation, or by some other means.

The “Regs” object will signal whether or not the request is subject to GDPR regulations. It will do so via the extension attribute “gdpr” which is an optional integer that indicates: 0 = No, 1 = Yes. Under OpenRTB conventions for optional attributes, omission indicates Unknown.

Regs.ext.gdpr

The “User” object will convey user consent when GDPR regulations are in effect. It will do so via the extension attribute “consent” which is an optional string that contains the data structure developed by the GDPR Consent Working Group under the auspices of IAB Europe. A link to this specification
including its structure and functional interpretation can be found here: Additional Resources.

User.ext.consent

The user consent string is optional, but highly recommended if the request is subject to GDPR regulations (i.e., Regs.ext.gdpr = 1). The default sense of consent under GDPR is “opt-out” and as such, an omitted consent string in a request subject to GDPR would need to be interpreted as equivalent to the user fully opting out of all defined purposes for data use by all parties.


*The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament intend to strengthen data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims to give greater control to EU citizens over their personal data. An important aspect of GDPR is the acquisition and conveyance of user consent over how their personal data may be used (i.e., “purposes”) and by whom (i.e., “companies”). By default, consent is not granted. Users must explicitly opt-in with an option of doing so.