Clarification re including Domains and SDKs section in the device storage and disclosure JSON

[HeinzBaumann]

Changes to the Vendor Device Storage & Operational Disclosures specification
Under the chapter Domains array we will add clarification when this section is not needed:
Vendors MUST publish the domains they use for collecting and processing personal data in the context of their TCF registration. Vendors MUST NOT include Publishers’ delegated domains or subdomains they may use. Vendors who do not use domains (no domains listed in the disclosure array) do not need to populate an empty domains array.

Under the chapter SDKs array we will add clarification when this section is not needed:
Vendors must publish the mobile in-app sdks they use for collecting and processing personal data in the context of their TCF registration. If vendors do not operate / support mobile in-app they do not need to add the SDKs array to the Device Storage & Operational Disclosures JSON file.

Add mention of SDKs to the FAQ paragraph.

“The FAQ addresses questions including the use of domains instead of domain field, when the domain(s) and SDKs section can be omitted, the use of wildcards, when the storage mechanism is set by a first party etc… The document will be updated over time.”

More details here: https://docs.google.com/document/d/1Q00tS6V3x2bjaa6yd5BgtGSG7NMuUCk3ZklsHmnvsEU/edit?usp=sharing

[dmdabbs]

Heinz, noting a difference in the description here and in the referenced document...

Here

If vendors do not operate / support mobile in-app they do not need to add the SDKs array to the Device Storage & Operational Disclosures JSON file

Doc

If they don't use any SDKs they add an empty array to the JSON file. In the case a vendor doesn't support mobile in-app this SDKs array can be omitted.

Presume the document is the authoritative.

[HeinzBaumann]

@dmdabbs The check for support of mobile we perform is whether the vendor declares mobile in-app as part of their vendor registration. if they do the SDKs section needs to be there even if it is empty. If they don't it can be obmitted.

[dmdabbs]

The check for support of mobile we perform is whether the vendor declares mobile in-app

Which is the "Device Identifiers" checkbox under the "Categories of data collected and/or already held" heading.
It's description (under (?) icon) reads

Fair to say that the "on users devices" phrase is solely meant to describe where the identifiers originate and not to condition where the Vendor reads/writes them, correct?

[HeinzBaumann]

The particular check is under the B2B section. Environment where you operate. If you check Mobile In-App you will need to have a the SDKs section in the vendor's device storage disclosure JSON.