Consent Handling

Rationale

Why is consent handling becoming even more important? The short and the long answer is GDPR. When third-party content is included in a liveblog and consent handling has not been enabled, the reader’s data is transmitted to the social media platform without the reader’s knowledge or agreement. That’s why it’s a topic that every platform or news site has to think about. Luckily, our liveblog product provides several consent handling options to our partners so that they can choose the solution that best fits their needs. While the first option is not recommended for most cases, the other options allow for flexibility with regard to compliance.

With the Embed JS there are four main options when it comes to third-party content that is being embedded into the liveblog.

  1. Integrated consent handling
  2. Enable/Disable all Web Embeds without consent handling
  3. Enable/Disable specific Web Embeds without consent handling
  4. Integrated custom consent handling

Choosing the right option

The integrated consent handling 2-click switch is not only the easiest but also the fastest solution for keeping liveblogs reader-friendly and GDPR compliant.

This is the default setting. It enables a small switch to be shown that allows readers to select which platforms may display content in the liveblog. Unless actively enabled, we will only show a GDPR-compliant preview of the tweet, post, or video.

<tickaroo-liveblog
  liveblogId="5f47bdba2a03d3abfab3c607"
  clientId="5c99e3358dce8c729e697547">
</tickaroo-liveblog>

Using the webEmbedDefaultConstraint parameter on the tickaroo-liveblog tag, you can force-enable or disable all web embeds.

2.1 Always Enabled

This does not conform to the GDPR without further measures!

<tickaroo-liveblog
  liveblogId="5f47bdba2a03d3abfab3c607"
  webEmbedDefaultConstraint="full"
  clientId="5c99e3358dce8c729e697547">
</tickaroo-liveblog>

2.2 Always Simplified

This fully conforms to the GDPR without further measures!

<tickaroo-liveblog
  liveblogId="5f47bdba2a03d3abfab3c607"
  webEmbedDefaultConstraint="simple"
  clientId="5c99e3358dce8c729e697547">
</tickaroo-liveblog>

2.3 Completely disabled

Web embeds will not be shown at all!

<tickaroo-liveblog
  liveblogId="5f47bdba2a03d3abfab3c607"
  webEmbedDefaultConstraint="hide"
  clientId="5c99e3358dce8c729e697547">
</tickaroo-liveblog>

Instead of enabling/disabling all embeds at once, it is also possible to do it for a specific provider. For example, you can disable third-party embedded content from YouTube but enable content from Facebook. Third-party embedded content that is not defined in webEmbedConstraints will be handled with the default setting. This option can be set on the tickaroo-liveblog tags.

A JSON Object with key/value pairs has to be supplied for that. The following example illustrates the possible values.

{
  "Gfycat": "full",
  "X": "simple",
  "Facebook": "consent",
  "Instagram": "hide",
  "dpa-webgrafik": "consent",
  "dpa-electionslive": "consent",
  "Apester": "consent",
  "Brightcove": "consent",
  "Datawrapper": "consent",
  "Infogram": "consent",
  "Glomex": "consent",
  "Opinary": "consent",
  "SoundCloud": "consent",
  "Spotify": "consent",
  "TikTok": "consent",
  "Vimeo": "consent",
  "YouTube": "consent",
  "[iframe-domain]": "consent"
}

Value     Behaviour                                        GDPR compliant?
-------   ----------------------------------------------   --------------------------------
full      Always loads the full widget                     No (without additional measures)
simple    Always shows a summary only                      Yes
consent   Shows a summary; user can load the full widget   Yes
hide      Hides the embed entirely                         Yes

See Supported Providers for the full list of valid provider keys. For generic iframes, use the domain of the iframe URL as the key.

In HTML you can specify as many or as few as you want. All other embeds will fall back to the default setting.

<tickaroo-liveblog
  liveblogId="5f47bdba2a03d3abfab3c607"
  webEmbedConstraints='{"X":"simple"}'
  clientId="5c99e3358dce8c729e697547">
</tickaroo-liveblog>
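
Because a key that does not match a provider leaves that provider on the default setting, a typo in webEmbedConstraints can go unnoticed. The following lint check is an added example, not part of the Embed JS: it takes the values and provider keys from this page and assumes exact-case key matching and a plain hostname shape for generic iframe keys.

```javascript
// Added example: lint a webEmbedConstraints value before it is published.
// Values and provider keys are copied from this page; exact-case key matching
// and the hostname pattern for generic iframes are assumptions.
const VALUES = new Set(['full', 'simple', 'consent', 'hide']);
const PROVIDERS = ('23degrees, agnoplay, apa-grafik, apester, audiorella, Bluesky, ' +
  'Brightcove, Datawrapper, dpa, dpa-addons, dpa-datawrapper, dpa-electionslive, ' +
  'dpa-faktencheck, dpa-sportslive, dpa-video, dpa-webgrafik, embed.nexx.cloud, ' +
  'Facebook, fanhub.keepup.com.au, flourish, Gfycat, Getty, glomex, Infogram, ' +
  'Instagram, Opinary, Opta, pinpoll, Rhetoric, SoundCloud, Sportdeutschland.TV, ' +
  'Spotify, strava, SZ, Telegram, TikTok, Truth Social, Vimeo, Website, X, YouTube'
).split(', ');
const BY_LOWER = new Map(PROVIDERS.map((p) => [p.toLowerCase(), p]));
const DOMAIN = /^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,}$/i;

function auditConstraints(attributeValue) {
  let parsed;
  try {
    parsed = JSON.parse(attributeValue);
  } catch (e) {
    return [{ level: 'error', key: null, msg: 'attribute is not valid JSON' }];
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return [{ level: 'error', key: null, msg: 'expected a JSON object' }];
  }
  const findings = [];
  for (const [key, value] of Object.entries(parsed)) {
    if (!VALUES.has(value)) {
      findings.push({ level: 'error', key, msg: `unknown value ${JSON.stringify(value)}` });
    } else if (value === 'full') {
      findings.push({ level: 'warn', key, msg: 'full widget loads without reader consent' });
    }
    const listed = BY_LOWER.get(key.toLowerCase());
    if (listed === key) continue;
    if (listed) {
      findings.push({ level: 'warn', key, msg: `listed on this page as "${listed}"` });
    } else if (!DOMAIN.test(key)) {
      findings.push({ level: 'error', key, msg: 'not a listed provider or iframe domain' });
    }
  }
  return findings;
}

// Constructed sample input.
const sample = '{"YouTube":"full","Apester":"consent","Twitter":"simple","example.org":"consent"}';
console.log(auditConstraints(sample));
```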

Using the customerConsent parameter on the tickaroo-liveblog tag, you can enable your own custom consent handling. A boolean has to be supplied for that.

When customerConsent="true" is set, the liveblog defers all consent decisions to your code. Two events are available:

  • tickarooLiveblogInit — fires once the liveblog is ready. Use this to pre-populate consent state from your CMP so returning users do not have to re-accept on every page load.
  • tickarooLiveblogCustomConsent — fires when the user clicks a consent toggle. Call event.target.setConsent(provider, granted) to apply the decision.

The provider value uses the same keys listed in Supported Providers.

Example of implementation

<tickaroo-liveblog
  id="ticker1"
  liveblogId="5f47bdba2a03d3abfab3c607"
  clientId="5c99e3358dce8c729e697547"
  customerConsent="true">
</tickaroo-liveblog>

// Replace `cmp` with your own Consent Management Platform integration.
// getAllConsent() should return { providerName: boolean } pairs.
// saveConsent(vendor, granted) should persist the user's decision.
const liveblog = document.getElementById('ticker1');

// Pre-populate consent state once the liveblog is ready
liveblog.addEventListener('tickarooLiveblogInit', () => {
  const allConsent = cmp.getAllConsent(); // { 'YouTube': true, 'X': false, ... }
  for (const [vendor, granted] of Object.entries(allConsent)) {
    liveblog.setConsent(vendor, granted);
  }
});

// Forward user consent decisions to your CMP
liveblog.addEventListener('tickarooLiveblogCustomConsent', (event) => {
  const { provider, consent } = event.detail;
  cmp.saveConsent(provider, consent);
  event.target.setConsent(provider, consent);
});
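
A minimal `cmp` object with the two methods the snippet above expects, written so that missing, corrupted, or non-boolean stored state counts as no consent. This is an added example, not Tickaroo code; the storage key name and the in-memory storage stand-in are assumptions.

```javascript
// Added example: a deny-by-default consent store exposing getAllConsent() and
// saveConsent(), the two methods the page's snippet calls on `cmp`.
const STORAGE_KEY = 'liveblog-embed-consent'; // hypothetical key name

function createCmp(storage) {
  // Read the stored map; anything unreadable or malformed yields an empty map.
  function load() {
    const clean = Object.create(null); // no prototype, so "__proto__" is plain data
    let parsed;
    try {
      parsed = JSON.parse(storage.getItem(STORAGE_KEY));
    } catch (e) {
      return clean; // storage unavailable or value is not JSON
    }
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return clean;
    for (const [provider, granted] of Object.entries(parsed)) {
      clean[provider] = granted === true; // only a literal true grants consent
    }
    return clean;
  }
  return {
    getAllConsent: load,
    saveConsent(provider, granted) {
      if (typeof provider !== 'string' || provider === '') return false;
      const state = load();
      state[provider] = granted === true;
      try {
        storage.setItem(STORAGE_KEY, JSON.stringify(state));
      } catch (e) {
        return false; // e.g. quota exceeded or storage blocked
      }
      return true;
    },
  };
}

// Constructed stand-in for window.localStorage so the example runs outside a browser.
function memoryStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}
```

In a browser, `const cmp = createCmp(window.localStorage);` can stand in for the `cmp` placeholder in the snippet above.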

Supported Providers

The following provider keys are used as keys in webEmbedConstraints and are also the values received as event.detail.provider in the custom consent event.

23degrees, agnoplay, apa-grafik, apester, audiorella, Bluesky, Brightcove, Datawrapper, dpa, dpa-addons, dpa-datawrapper, dpa-electionslive, dpa-faktencheck, dpa-sportslive, dpa-video, dpa-webgrafik, embed.nexx.cloud, Facebook, fanhub.keepup.com.au, flourish, Gfycat, Getty, glomex, Infogram, Instagram, Opinary, Opta, pinpoll, Rhetoric, SoundCloud, Sportdeutschland.TV, Spotify, strava, SZ, Telegram, TikTok, Truth Social, Vimeo, Website, X, YouTube

For generic iframes, use the domain of the iframe URL as the key. See Supported Third Party Embeds for embed code examples.