Prevent incorrect gppSection being set

CHANGELOG.md

@@ -35,6 +35,7 @@ The types of changes are:
 - Fixed bug where Privacy Policy links would be shown without a configured URL [#4801](https://github.com/ethyca/fides/pull/4801)
 - Fixed bug where Language selector button was overlapping other buttons when Privacy Policy wasn't present. [#4815](https://github.com/ethyca/fides/pull/4815)
 - Fixed bug where icons of the Language selector were displayed too small on some sites [#4815](https://github.com/ethyca/fides/pull/4815)
+- Fixed bug where GPP US National Section was incorrectly included when the State by State approach was selected [#4823]https://github.com/ethyca/fides/pull/4823
 
 ## [2.34.0](https://github.com/ethyca/fides/compare/2.33.1...2.34.0)
 

clients/fides-js/__tests__/lib/gpp/us-notices.ts

@@ -76,7 +76,7 @@ const mockPrivacyExperience = (override?: Partial<PrivacyExperience>) => {
     updated_at: "2023-12-07T22:03:26.052630+00:00",
     gpp_settings: {
       enabled: true,
-      us_approach: GPPUSApproach.STATE,
+      us_approach: GPPUSApproach.NATIONAL,
       mspa_covered_transactions: true,
       mspa_opt_out_option_mode: true,
       mspa_service_provider_mode: false,
@@ -124,7 +124,6 @@ describe("setGppNoticesProvidedFromExperience", () => {
     const sectionsChanged = setGppNoticesProvidedFromExperience({
       cmpApi,
       experience,
-      forceGpp: false,
     });
     expect(sectionsChanged).toEqual([]);
     expect(cmpApi.getGppString()).toEqual(EMPTY_GPP_STRING);
@@ -140,7 +139,6 @@ describe("setGppNoticesProvidedFromExperience", () => {
     const sectionsChanged = setGppNoticesProvidedFromExperience({
       cmpApi,
       experience,
-      forceGpp: false,
     });
     expect(sectionsChanged).toEqual([
       { name: "usnatv1", id: 7, prefix: "usnat" },
@@ -192,7 +190,6 @@ describe("setGppNoticesProvidedFromExperience", () => {
     const sectionsChanged = setGppNoticesProvidedFromExperience({
       cmpApi,
       experience,
-      forceGpp: false,
     });
     expect(sectionsChanged).toEqual([
       { name: "usnatv1", id: 7, prefix: "usnat" },
@@ -263,7 +260,6 @@ describe("setGppNoticesProvidedFromExperience", () => {
     const sectionsChanged = setGppNoticesProvidedFromExperience({
       cmpApi,
       experience,
-      forceGpp: false,
     });
     expect(sectionsChanged).toEqual([
       { name: "usnatv1", id: 7, prefix: "usnat" },
@@ -371,10 +367,10 @@ describe("setGppOptOutsFromCookieAndExperience", () => {
       cmpApi,
       cookie,
       experience,
-      forceGpp: false,
     });
     expect(sectionsChanged).toEqual([]);
     expect(cmpApi.getGppString()).toEqual(EMPTY_GPP_STRING);
+    expect(cmpApi.getSection("usnatv1")).toBe(null);
   });
 
   it("sets all as 0 when there is no consent object in cookie", () => {
@@ -389,7 +385,6 @@ describe("setGppOptOutsFromCookieAndExperience", () => {
       cmpApi,
       cookie,
       experience,
-      forceGpp: false,
     });
     expect(sectionsChanged).toEqual([
       { name: "usnatv1", id: 7, prefix: "usnat" },
@@ -432,7 +427,6 @@ describe("setGppOptOutsFromCookieAndExperience", () => {
       cmpApi,
       cookie,
       experience,
-      forceGpp: false,
     });
     const section = cmpApi.getSection("usnatv1");
     expect(section).toEqual({
@@ -484,7 +478,6 @@ describe("setGppOptOutsFromCookieAndExperience", () => {
       cmpApi,
       cookie,
       experience,
-      forceGpp: false,
     });
     const section = cmpApi.getSection("usnatv1");
     expect(section).toEqual({
@@ -536,7 +529,6 @@ describe("setGppOptOutsFromCookieAndExperience", () => {
       cmpApi,
       cookie,
       experience,
-      forceGpp: false,
     });
     const section = cmpApi.getSection("usnatv1");
     expect(section).toEqual({
@@ -583,20 +575,11 @@ describe("setGppOptOutsFromCookieAndExperience", () => {
     const experience = mockPrivacyExperience({
       region: "us_ca", // Set to a state
       privacy_notices: notices,
-      gpp_settings: {
-        enabled: true,
-        us_approach: GPPUSApproach.NATIONAL, // But set setting to national
-        mspa_covered_transactions: true,
-        mspa_opt_out_option_mode: true,
-        mspa_service_provider_mode: false,
-        enable_tcfeu_string: true,
-      },
     });
     setGppOptOutsFromCookieAndExperience({
       cmpApi,
       cookie,
       experience,
-      forceGpp: false,
     });
     const section = cmpApi.getSection("usnatv1");
     expect(section).toEqual({
@@ -621,4 +604,80 @@ describe("setGppOptOutsFromCookieAndExperience", () => {
     });
     expect(cmpApi.getGppString()).toEqual("DBABLA~BAAVVVVVVWA.QA");
   });
+
+  it("can use state gpp fields when gpp is set to state", () => {
+    const cmpApi = new CmpApi(1, 1);
+    const cookie = mockFidesCookie({
+      consent: {
+        data_sales_and_sharing: false,
+        targeted_advertising: false,
+        sensitive_personal_data_sharing: false,
+        known_child_sensitive_data_consents: false,
+        personal_data_consents: false,
+      },
+    });
+    const notices = [
+      DATA_SALES_SHARING_NOTICE,
+      TARGETED_ADVERTISING_NOTICE,
+      SENSITIVE_PERSONAL_SHARING_NOTICE,
+      KNOWN_CHILD_SENSITIVE_NOTICE,
+      PERSONAL_DATA_NOTICE,
+    ];
+    const experience = mockPrivacyExperience({
+      region: "us_ut", // Set to a state
+      privacy_notices: notices,
+      gpp_settings: {
+        enabled: true,
+        us_approach: GPPUSApproach.STATE, // Set to state
+        mspa_covered_transactions: true,
+        mspa_opt_out_option_mode: true,
+        mspa_service_provider_mode: false,
+        enable_tcfeu_string: true,
+      },
+    });
+    setGppOptOutsFromCookieAndExperience({
+      cmpApi,
+      cookie,
+      experience,
+    });
+    const section = cmpApi.getSection("usutv1");
+    expect(section).toEqual({
+      Version: 1,
+      SharingNotice: 0,
+      SaleOptOutNotice: 0,
+      TargetedAdvertisingOptOutNotice: 0,
+      SensitiveDataProcessingOptOutNotice: 0,
+      SaleOptOut: 0,
+      TargetedAdvertisingOptOut: 0,
+      SensitiveDataProcessing: [0, 0, 0, 0, 0, 0, 0, 0],
+      KnownChildSensitiveDataConsents: 0,
+      MspaCoveredTransaction: 1,
+      MspaOptOutOptionMode: 1,
+      MspaServiceProviderMode: 2,
+    });
+    expect(cmpApi.getGppString()).toEqual("DBABFg~BAAAAAWA");
+  });
+
+  it("does nothing for non-supported region when gpp is set to state", () => {
+    const cmpApi = new CmpApi(1, 1);
+    const experience = mockPrivacyExperience({
+      region: "us_ny",
+      gpp_settings: {
+        enabled: true,
+        us_approach: GPPUSApproach.STATE, // Set to state
+        mspa_covered_transactions: true,
+        mspa_opt_out_option_mode: true,
+        mspa_service_provider_mode: false,
+        enable_tcfeu_string: true,
+      },
+    });
+    const sectionsChanged = setGppNoticesProvidedFromExperience({
+      cmpApi,
+      experience,
+    });
+    expect(sectionsChanged).toEqual([]);
+    expect(cmpApi.getGppString()).toEqual(EMPTY_GPP_STRING);
+    expect(cmpApi.getSection("usnatv1")).toBe(null);
+    expect(cmpApi.getSection("usnyv1")).toBe(null);
+  });
 });

clients/fides-js/docs/interfaces/FidesOptions.md

@@ -162,13 +162,3 @@ overriden at the page-level as needed. Only applicable to a TCF experience.
 For more details, see the [TCF CMP API technical specification](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#what-does-the-gdprapplies-value-mean)  * 
 
 Defaults to `true`.
-
-## Forcing GPP Inclusion
-
-In some cases it may be necessary to always support the IAB's Global Privacy Platform (GPP), even if a visiting user is from a location without a privacy regulation. Forcing the inclusion of the [GPP API](/docs/tutorials/consent-management/consent-management-configuration/cmp-javascript-apis#gpp-api) can be accomplished by including query parameter `gpp=true` on the FidesJS script:
-
-```
-<script src="path/to/fides.js?gpp=true"></script>
-```
-
-When the GPP API is included this way, the `applicableSections` property is set to `[-1]` whenever a user visits a page from a non-supported location.

clients/fides-js/src/fides-ext-gpp.ts

@@ -137,7 +137,7 @@ const initializeGppCmpApi = () => {
   // If consent does not need to be resurfaced, then we can set the signal to Ready here
   window.addEventListener("FidesInitialized", (event) => {
     // TODO (PROD-1439): re-evaluate if GPP is "cheating" accessing window.Fides instead of using the event details only
-    const { experience, saved_consent: savedConsent, options } = window.Fides;
+    const { experience, saved_consent: savedConsent } = window.Fides;
     cmpApi.setSupportedAPIs(getSupportedApis());
     // Set status to ready immediately upon initialization, if either:
     // A. Consent should not be resurfaced
@@ -156,27 +156,28 @@ const initializeGppCmpApi = () => {
       if (tcSet) {
         cmpApi.setApplicableSections([TcfEuV2.ID]);
       }
-      setGppNoticesProvidedFromExperience({
+      const sectionsSet = setGppNoticesProvidedFromExperience({
         cmpApi,
         experience,
-        forceGpp: options.forceGpp,
       });
       const sectionsChanged = setGppOptOutsFromCookieAndExperience({
         cmpApi,
         cookie: event.detail,
         experience,
-        forceGpp: options.forceGpp,
       });
       if (sectionsChanged.length) {
         cmpApi.setApplicableSections(sectionsChanged.map((s) => s.id));
       }
+      if (!tcSet && !sectionsSet.length && !sectionsChanged.length) {
+        cmpApi.setApplicableSections([-1]);
+      }
       cmpApi.setSignalStatus(SignalStatus.READY);
     }
   });
 
   window.addEventListener("FidesUIShown", (event) => {
     // Set US GPP notice fields
-    const { experience, saved_consent: savedConsent, options } = window.Fides;
+    const { experience, saved_consent: savedConsent } = window.Fides;
     if (isPrivacyExperience(experience)) {
       // set signal status to ready only for users with no existing prefs and if notices are all opt-in by default
       if (
@@ -195,7 +196,6 @@ const initializeGppCmpApi = () => {
       const sectionsChanged = setGppNoticesProvidedFromExperience({
         cmpApi,
         experience,
-        forceGpp: options.forceGpp,
       });
       if (sectionsChanged.length) {
         cmpApi.setApplicableSections(sectionsChanged.map((s) => s.id));
@@ -230,7 +230,6 @@ const initializeGppCmpApi = () => {
         cmpApi,
         cookie: event.detail,
         experience: window.Fides.experience,
-        forceGpp: window.Fides.options.forceGpp,
       });
       if (sectionsChanged.length) {
         cmpApi.setApplicableSections(sectionsChanged.map((s) => s.id));

clients/fides-js/src/fides-tcf.ts

@@ -221,7 +221,6 @@ const _Fides: FidesGlobal = {
     allowHTMLDescription: null,
     base64Cookie: false,
     fidesPrimaryColor: null,
-    forceGpp: false,
     fidesClearCookie: false,
   },
   fides_meta: {},

clients/fides-js/src/fides.ts

@@ -165,7 +165,6 @@ const _Fides: FidesGlobal = {
     allowHTMLDescription: null,
     base64Cookie: false,
     fidesPrimaryColor: null,
-    forceGpp: false,
     fidesClearCookie: false,
   },
   fides_meta: {},

clients/fides-js/src/lib/consent-types.ts

@@ -120,9 +120,6 @@ export interface FidesInitOptions {
 
   // Shows fides.js overlay UI on load deleting the fides_consent cookie as if no preferences have been saved
   fidesClearCookie: boolean;
-
-  // Whether the developer forced the inclusion of the GPP extension via query param on the script tag
-  forceGpp: boolean;
 }
 
 /**

clients/fides-js/src/lib/gpp/constants.ts

@@ -6,11 +6,9 @@ import {
   UsUtV1,
   UsVaV1,
 } from "@iabgpp/cmpapi";
+import { GPPSection } from "./types";
 
-export const FIDES_REGION_TO_GPP_SECTION: Record<
-  string,
-  { name: string; id: number; prefix: string }
-> = {
+export const FIDES_REGION_TO_GPP_SECTION: Record<string, GPPSection> = {
   us: { name: UsNatV1.NAME, id: UsNatV1.ID, prefix: "usnat" },
   us_ca: { name: UsCaV1.NAME, id: UsCaV1.ID, prefix: "usca" },
   us_ct: { name: UsCtV1.NAME, id: UsCtV1.ID, prefix: "usct" },

clients/fides-js/src/lib/gpp/types.ts

@@ -57,3 +57,9 @@ export type GPPFieldMapping = {
   notice?: Array<string>;
   mechanism?: Array<GPPMechanismMapping>;
 };
+
+export type GPPSection = {
+  name: string;
+  id: number;
+  prefix?: string;
+};