GED_PLAYLIST_ACTIVITY session cookie and TCF compliance

[Tobias Klipstein]

Hello IMA team,

some publishers, that embed our player, notified us about a session-cookie called GED_PLAYLIST_ACTIVITY which is set when the user did not give consent via their TCF 2.0 CMP. We further looked into that issue and saw that the Google IMA, which we load in our player, is setting this session cookie in a loop within https://s0.2mdn.net/instream/video/client.js by only checking whether cookies are enabled via "navigator.cookieEnabled". 

What is your opinion on setting such a session-cookie when no TCF consent was given and for which TCF purposes and vendor is this cookie used? In case a user consent is required, how could we disable setting this cookie?

Maybe as background: even if we cannot monetize via DoubleClick, because we did not receive consent, we use Google IMA to request another ad-server to display alternative video-ads that do not require consent. Not loading IMA when there is no consent would defeat this use-case.

Looking forward to you help on this topic.

Regards, Tobias

[IMA SDK]

Hi Tobias,

Thank you for reporting this issue to us.

Could you share with us what type of video player is being used here? I’m asking this because I saw a similar case wherein the GED_PLAYLIST_ACTIVITY cookie shows up in compliance with GDPR. This is to verify if this is related to that case.

Also, for our test reference, would it be possible for you to share with us a sample app or live page URL (with your player implementation) where this cookie is showing? You may also include the steps on how to reproduce the issue.


Regards,

 

Sherwin Diesta IMA SDK Team

ref:_00D1U1174p._5004Q2B18pY:ref

[Tobias Klipstein]

Hi Sherwin,

the test-case is as follows. Loading and instantiating Google IMA on a page where a TCF CMP is installed and a user does not give consent.

Can I share a test-page privately with the used player?

Regards, Tobias

[IMA SDK]

Hi Tobias,

Yes, you can send the test page or if possible the sample project file privately to our testing alias: imate...@gmail.com


Regards,

[Tobias Klipstein]

Hi Sherwin,

were you able to look at the example I've sent to the mentioned mail and what is Google's opinion for setting this cookie? Does it fall under legitimate interest or is a consent required according to IAB TCF framework?

Regards, Tobias

[IMA SDK]

Hi Tobias,

I work with Sherwin and will assist you. Thank you for sending us your website in private. I was able to replicate on your website the GED_PLAYLIST_ACTIVITY cookie being created without consent from user. My team is actively working on getting the IMA SDK to respect the denial of consent and you will see a note in our release notes when this becomes live. We will also update you on this thread.

Regards,

Aryeh Baker IMA SDK Team

ref:_00D1U1174p._5004Q2B18pY:ref

[Tobias Klipstein]

Hi Aryeh,

was this issue fixed lately? In my tests I don't see that this GED_PLAYLIST_ACTIVITY cookie is set anymore.

Regards, Tobias

[IMA SDK]

Hi Tobias,

Thank you for reporting this, I checked and didn't see the GED_PLAYLIST_ACTIVITY cookie. Let me ask my team and get back to you as soon as possible.

[Tobias Klipstein]

Just to clarify: I think the issue is fixed now but it would be good if this would be confirmed by you too.

[IMA SDK]

Hi Tobias,

I relayed your request if this is a permanent fix to my team and will get back to you as soon as possible.

[IMA SDK]

Hi Tobias,

I have good news, the fix is live and permanent. Please report back if there ever is a regression.