Behavior

By default, consent is automatically re-collected and the notice is displayed again in three cases:

  • After 13 months (maximum acceptable cookie lifetime)

  • When the user clears they browser cookies

  • When a new vendor is added in your tag configuration or in the IAB vendors list (if you choose the option all)

The third case (a new vendor is added) can happen pretty often so you have the option to choose a number of days during which the notice will not be displayed even though there are new vendors to collect consent for. By default, the number is zero and the notice will be displayed automatically if a new vendor is added. If you create notices through the Didomi Console, the default value is 30 days.

During that consent recollection window:

  • New users will be asked for consent for the new vendor immediately.

  • Previous users that had already given consent within the window (ie less than X days ago) will not be asked again until the expiration of the window. The new vendor will not have vendor during that time.

  • Previous users that had already given consent outside of the window (ie more than X days ago) will be asked again immediately.

<script type="text/javascript">
window.didomiConfig = {
  notice: {
    daysBeforeShowingAgain: 5 // Number of days. Default is 0
  }
};
</script>

If you choose that option and because the notice is not shown again, the user consent status will be partial and some vendors will not have consent information. The function Didomi.isUserConsentStatusPartial() can return true in these cases.

Be aware that when recollecting consent until it is given to a vendor (true or false), consent status is reset to undefined.

In some cases, you might want to force recollect consent for all users after a certain date, irrespective of their choices and the configured window for recollecting consent.

This can be achieved by setting an ISO8601 date in the user.ignoreConsentBefore property:

<script type="text/javascript">
window.didomiConfig = {
  user: {
    ignoreConsentBefore: "2020-09-09T00:00:00Z"
  }
};
</script>

When the user has given consent before the provided date, consent will be automatically recollected. Dates in the future are ignored until they become current so you can schedule a consent recollection for a specific date in the future.

Didomi CMP allows you to customize the lifetime of the consent so that it expires after a specific time.

You can use app.consentDuration configuration option to specify custom consent duration:

<script type="text/javascript">
window.didomiConfig = {
  app: {
    consentDuration: 100 // Custom consent duration in seconds
  }
};
</script>

The app.consentDuration configuration option accepts custom consent duration value in seconds.

Consent expires after 12 months by default if custom consent duration is not specified.

The lifetime of the cookies is set to the value specified in the consent duration configuration option. If the custom consent duration is not specified, the lifetime of the cookies will be set to 12 months by default.

It is possible to apply a specific consent expiration when the user denies consent for all purposes and vendors. This can be done by using the app.deniedConsentDuration configuration option:

<script type="text/javascript">
window.didomiConfig = {
  app: {
    deniedConsentDuration: 100 // Denied consent duration in seconds
  }
};
</script>

If this configuration option is used and the user disagrees to all vendors and purposes on the consent legal basis, the consent will expire after the specified denied consent expiration and the consent will be recollected. The user choices on the legitimate interest legal basis are not taken into account when applying this configuration option.

The denied consent duration value should be smaller than the generic consent duration value, otherwise, the denied consent expiration will be ignored.

The app.deniedConsentDuration configuration option accepts a custom consent duration value in seconds.

If no value is set for the denied consent duration, the generic consent duration will still be applied for the denied consents.

Vendors and purposes

You must configure the vendors for which consent is collected by our consent notice and displayed in the preferences popup.

Read our detailed section to see how they can be configured.

Notice country

If you want to specify the country which determines the policy, you can use the app.country configuration option:

<script type="text/javascript">
window.didomiConfig = {
  app: {
    country: 'fr' // Two-letter country code
  }
};
</script>

The app.country configuration option receives a string which is an ISO 3166-1 alpha-2 country code.

The value specified in the app.country configuration option is used for the IAB TCF v2 consent string and for the IAB TCF v2 **__tcfapi**method.

You can read more about it in our Reference section.

Configuration by user country

By default, we will serve the notice with the appropriate regulation based on the location of the user's geolocation as determined by IP address resolution to country and region values. That is, if you have a notice configured to display GDPR within the EU (the default) and you have also added the CPRA regulation to display in California, a visitor from California will receive the CPRA banner and the same visitor traveling to France would see the GDPR version of the notice. For more details on multi-regulation notices, read more here.

If you want to override what our servers are detecting in terms of the geolocation of your visitors, you can override the user ISO 3166-1 alpha-2 country code and the ISO 3166-2 region code directly via your local SDK config object by setting the window.didomiConfig.user.country and window.didomiConfig.user.region properties to have their values equal to valid country and region codes. For example, if you want a user to appear to be visiting from California:

window.didomiConfig = {
    user: {
        country: "US",
        region: "CA"
    }
}

It is likely that you would be setting these properties dynamically via server-side code. Some things to be aware of when explicitly overriding the country and region codes when overriding the SDK's default behavior for serving notice configurations based on user geolocation detected by our servers:

  • If the values are null/undefined, we will ignore them and serve the notice using our standard behavior, i.e. what our servers have detected based on the incoming request's geolocation.

  • Because you are overriding our default behavior and we do not validate whether or not the country and region codes you are sending us are actual ISO codes, it is your responsibility to send valid country and region ISO codes. An invalid codes would result in a failure to match in our lookup for a related notice configuration. It is your responsibility to ensure valid codes are sent to us to resolve.

  • We are not changing our logic about how we serve notices, we are only allowing you to override the country and region codes. Therefore, what happens is determined on the notice settings in the country and region configuration in the console for the notice. That is, if you have configured GDPR to apply to only certain countries, the GDPR notice will only show up in those cases. In all other cases, there is no notice displayed.

Country-specific configuration settings

If you want to apply a different configuration depending on the country that the user is from, you can add country-specific properties in a configByCountry property where each key is an ISO 3166-1 alpha-2 country code in uppercase (the country code is case-sensitive). This allows you to replace part or all of the configuration for some countries.

Example to force the language based on the user country instead of the user browser configuration, and modify vendors:

<script type="text/javascript">
window.didomiConfig = {
  // Visitors from countries other than FR or US will get this configuration
  languages: {
    enabled: ['fr', 'en'], // Enable both French and English for all users
  },
  app: {
    name: 'My Website',
    vendors: {
      iab: {
        all: true,
        exclude: [9],
      }
    }
  },
  configByCountry: {
    // Visitors from France will get the global configuration + these changes applied to it
    FR: {
      languages: {
        enabled: ['fr'] // Force French for visitors from France
      },
      app: {
        vendors: {
          iab: {
            all: false,
            include: [9],
            exclude: [] // It's important to override "exclude" here otherwise it would be kept as [9]
          }
        }
      }
    },
    // Visitors from the US will get the global configuration + these changes applied to it
    US: {
      languages: {
        enabled: ['en'] // Force English for visitors from the US
      }
      // Vendors are not specified here so the global vendors will apply (all IAB)
    }
  }
};
</script>

The properties defined in configByCountry are merged with the rest of the configuration when the user comes from the matching country. The properties from the country configuration override the properties defined globally and are merged recursively so make sure to fully override objects when necessary. Arrays are replaced and not merged or concatenated.

Last updated