Between 12:16 ET and 13:56 ET on May 18, 2023, Admiral experienced an outage with European Consent, which resulted in the failure to convey or prompt for consent for users subject to GDPR.
During the specified timeframe, the TCF JS API would have not returned any consent and visitors would not have been prompted to give consent if they lived in a country the publisher deemed applicable to GDPR. The root cause of this outage was identified as a misconfiguration in a file, the Global Vendor List (GVL), provided by the Interactive Advertising Bureau (IAB). Admiral, along with other Consent Management Platforms (CMPs), relies on this configuration file to maintain a list of third-party vendors compliant with GDPR. This configuration file was periodically refreshed and served to visitors through Admiral’s bundled JavaScript (JS) file.
The root cause of the outage was a misconfiguration in the GVL causing an unhandled JS error, which disrupted the proper functioning of Admiral's Consent product. The exact reason for the misconfiguration is currently being investigated and will be addressed in collaboration with the IAB.
To address the misconfiguration issue and mitigate the impact of the outage, Admiral has temporarily suspended the periodic, automatic, updates of the GVL. This decision was made to allow for a thorough evaluation of alternative methods to deliver an up-to-date list to visitors.
Admiral deeply regrets any disruptions caused by this incident and is committed to preventing similar failures in the future. We are working internally and with the IAB to add additional safeguards. Going forward, publishers can expect our JS will only contain GVL versions verified through our change control process.
The outage highlighted the need for publishers and vendors relying on consent to include appropriate timeouts and safeguards when consent cannot be obtained. In the event of similar failures, it is crucial to have fallback mechanisms in place to assume a non-consenting visitor. Admiral recommends all affected parties to review their own consent handling processes and consider implementing safeguards to minimize interruptions.