The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents.

GDPR requires organisations to implement reasonable data protection measures to protect the personal data of consumers and employees against data loss or exposure.

Passing GDPR and User Consent information to DSP
Exchange server is indicating the GDPR and User Consent flags using following RTB fields inside the Bid Request:




Example Values



0: Means GDPR does not apply to this traffic

1: Means GDPR applies to this traffic




The value expected here should be formatted according to the definition of the User Consent String as defined by IAB.e.g. "BOJObISOJObISAABAAENAA4AAAAAoAAA"

We also support boolean flags indicating whether user consent was given or not.

"0": Means consent has NOT been given!

"1": Means consent has been given!


Please follow IAB recommendations on how to implement GDPR support in RTB:

In case there is no consent given by user, and he is under GDPR policy, you will NOT receive the following information about user in bid request:

  • user.yob
  • user.gender
  • user.geo.lon
  • geo.long