5

My site, which had been live for a few years now, uses AdSense with its integrated GDPR content feature, i.e. in IAB TCF terminology Google is acting as the CMP.

Over the last few weeks I have got the following message "We've detected an issue on your IAB TC string on one or more of your sites or apps. These errors may affect your ability to serve ads to European users. A detailed report is available for you on the EU user consent page".

When I look at the EU Content page in AdSense I can see download the TCF error report I see the following:

Table of ad unit errors

So all errors are to do with consent (according to https://support.google.com/admanager/answer/9999955?hl=en) and it looks like I need to "delete the old TC string and reobtain consent".

My question is I don't know how to do this. What steps can I use to do this? I use AdSense directly (both ad units and auto ads) so it looks like I need to ask my users consent but I don't know how to do this.

Can anyone advise on what I need to do in order to reduce this error count. My sites get around 25,000 page view a day so the numbers mentioned above are not huge but still It would be better to not have any TCF errors at all.

Terry Burton
  • 2,801
  • 1
  • 29
  • 41
Ilyas
  • 741
  • 7
  • 18
  • **DO NOT post images of code, data, error messages, etc.** - copy or type the text into the question. [ask] – Rob Apr 23 '23 at 20:44

1 Answers1

5

Unfortunately the integrated EU User Consent feature of AdSense, which uses Google's Funding Choices API to provide the Consent Management Platform, does not provide an automatic means to prompt for re-consent when the original consent captured in the TC String reaches 13 months old.

In the Funding Choices implementation the TC String is persisted as a data element in a cookie named FCCDCF, with the TC String itself containing the date that consent was provided. To maintain compliance with IAB's TCF v2 framework, when the AdSense API processes this string and discovers that consent has expired it records a policy violation ("Error 3.3") against the ad units and does not render them. But it does nothing to help resolve the situation beyond providing a somewhat opaque notice that there is an issues that may "affect your ability to serve ads to European users"!

Consequently, earnings will drop over time as an increasing proportion of visitors have TC Strings containing consent that is no longer compatible with the rendering of ad units.

To resolve this issue, the AdSense implementation can be preceded by the following JavaScript (amended to match the domain and path of the FCCDCF cookie for the site) that will extract the TC String from the Funding Choices cookie, parse out the consent date, and then erase the cookie if it determines that consent was provided more than 12 months ago.

<script>
  // Delete the Funding Choices cookie if consent is more than 12 months old
  try {
    const nm = "FCCDCF";        // Match name of Funding Choices cookie
    const dm = "mydomain.com";  // Match domain of Funding Choices cookie
    const pa = "/";             // Match path of Funding Choices cookie
    let tc = ('; ' + document.cookie).split('; ' + nm + '=');
    if (tc.length === 2) {
      tc = decodeURIComponent(tc.pop().split(';').shift());
      tc = JSON.parse(tc)[3][0].substring(1,9);
      tc = Uint8Array.from(window.atob(tc), (v) => v.charCodeAt(0));
      let dt = (tc[0] * 2**28) + (tc[1] * 2**20) + (tc[2] * 2**12) +
               (tc[3] * 2**4)  + (tc[4] >> 4);
      if (Date.now() / 1000 - dt / 10 > 86400 * 365)
        document.cookie = nm + "=;path=" + pa + ";domain=" + dm +
                          ";expires=" + new Date(0).toUTCString();
    }
  } finally {}
</script>

There's some things that might be improved in the above script — unless of course Google makes it entirely unnecessary by starting to act as a responsible CMP by automatically re-prompting for consent:

  • It may be possible to call functions of the Funding Choices / TCF API to drive re-consent, rather that rely on deleting the cookie before the AdSense code is run. I haven't examined the API to see if this is possible.
  • It may also be possible to lazy load the script by hooking it into the AdSense API as an early callback. Again, I haven't looked at the API to see if this is possible.

Any such improvements to the above script are welcome and I'm happy to maintain this answer.

Terry Burton
  • 2,801
  • 1
  • 29
  • 41
  • Thanks a lot for your answer as it seems the only solution to this issue is on the web. Just one question, how can I find the path of the FCCDCF cookie for my site? – NicoCaldo Jul 10 '23 at 07:16
  • 1
    @NicoCaldo You'll want to use your browser's developer console and find the stored cookies for your site. This will tell you the domain and path that is being set. E.g. with Chrome it's under Application -> Cookies. – Terry Burton Jul 10 '23 at 13:29