IABTechLab · RSam25 · Jan 14, 2026 · Jan 15, 2026 · Jan 15, 2026 · Jan 18, 2026
diff --git a/conf/docker-config.json b/conf/docker-config.json
@@ -42,7 +42,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-operator"
 }
diff --git a/conf/integ-config.json b/conf/integ-config.json
@@ -18,7 +18,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": false,
   "uid_instance_id_prefix": "local-operator"
 }
diff --git a/conf/local-config.json b/conf/local-config.json
@@ -41,7 +41,6 @@
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
   "encrypted_files": false,
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-operator"
 }
diff --git a/conf/local-e2e-docker-public-config.json b/conf/local-e2e-docker-public-config.json
@@ -38,7 +38,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }
diff --git a/conf/local-e2e-public-config.json b/conf/local-e2e-public-config.json
@@ -44,7 +44,7 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
+
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }
diff --git a/conf/validator-latest-e2e-docker-public-config.json b/conf/validator-latest-e2e-docker-public-config.json
@@ -43,7 +43,6 @@
     },
     "config_scan_period_ms": 300000
   },
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }
diff --git a/src/main/java/com/uid2/operator/Const.java b/src/main/java/com/uid2/operator/Const.java
@@ -34,7 +34,6 @@ public class Config extends com.uid2.shared.Const.Config {
 
         public static final String ConfigScanPeriodMsProp = "config_scan_period_ms";
         public static final String IdentityV3Prop = "identity_v3";
-        public static final String DisableOptoutTokenProp = "disable_optout_token";
         public static final String EnableRemoteConfigProp = "enable_remote_config";
         public static final String RuntimeConfigMetadataPathProp = "runtime_config_metadata_path";
 

diff --git a/src/main/java/com/uid2/operator/model/IdentityRequest.java b/src/main/java/com/uid2/operator/model/IdentityRequest.java
@@ -3,21 +3,14 @@
 public final class IdentityRequest {
     public final PublisherIdentity publisherIdentity;
     public final UserIdentity userIdentity;
-    public final OptoutCheckPolicy optoutCheckPolicy;
     public final IdentityEnvironment identityEnvironment;
 
     public IdentityRequest(
             PublisherIdentity publisherIdentity,
             UserIdentity userIdentity,
-            OptoutCheckPolicy tokenGeneratePolicy,
             IdentityEnvironment identityEnvironment) {
         this.publisherIdentity = publisherIdentity;
         this.userIdentity = userIdentity;
-        this.optoutCheckPolicy = tokenGeneratePolicy;
         this.identityEnvironment = identityEnvironment;
     }
-
-    public boolean shouldCheckOptOut() {
-        return optoutCheckPolicy.equals(OptoutCheckPolicy.RespectOptOut);
-    }
 }
diff --git a/src/main/java/com/uid2/operator/model/MapRequest.java b/src/main/java/com/uid2/operator/model/MapRequest.java
@@ -4,22 +4,15 @@
 
 public final class MapRequest {
     public final UserIdentity userIdentity;
-    public final OptoutCheckPolicy optoutCheckPolicy;
     public final Instant asOf;
     public final IdentityEnvironment identityEnvironment;
 
     public MapRequest(
             UserIdentity userIdentity,
-            OptoutCheckPolicy optoutCheckPolicy,
             Instant asOf,
             IdentityEnvironment identityEnvironment) {
         this.userIdentity = userIdentity;
-        this.optoutCheckPolicy = optoutCheckPolicy;
         this.asOf = asOf;
         this.identityEnvironment = identityEnvironment;
     }
-
-    public boolean shouldCheckOptOut() {
-        return optoutCheckPolicy.equals(OptoutCheckPolicy.RespectOptOut);
-    }
 }
diff --git a/src/main/java/com/uid2/operator/model/OptoutCheckPolicy.java b/src/main/java/com/uid2/operator/model/OptoutCheckPolicy.java
diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
@@ -102,7 +102,7 @@ public IdentityTokens generateIdentity(IdentityRequest request, Duration refresh
                 request.userIdentity.identityScope, request.userIdentity.identityType, firstLevelHash, request.userIdentity.privacyBits,
                 request.userIdentity.establishedAt, request.userIdentity.refreshedAt);
 
-        if (request.shouldCheckOptOut() && getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
+        if (getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
             return IdentityTokens.LogoutToken;
         } else {
             return this.generateIdentity(request.publisherIdentity, firstLevelHashIdentity, refreshIdentityAfter, refreshExpiresAfter, identityExpiresAfter, request.identityEnvironment);
@@ -153,7 +153,7 @@ public RefreshResponse refreshIdentity(RefreshToken token, Duration refreshIdent
     @Override
     public MappedIdentity mapIdentity(MapRequest request) {
         final UserIdentity firstLevelHashIdentity = getFirstLevelHashIdentity(request.userIdentity, request.asOf);
-        if (request.shouldCheckOptOut() && getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
+        if (getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
             return MappedIdentity.LogoutIdentity;
         } else {
             return getMappedIdentity(firstLevelHashIdentity, request.asOf, request.identityEnvironment);

diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -104,14 +104,12 @@ public class UIDOperatorVerticle extends AbstractVerticle {
     private final IClientKeyProvider clientKeyProvider;
     private final Clock clock;
     private final boolean identityV3Enabled;
-    private final boolean disableOptoutToken;
     private final UidInstanceIdProvider uidInstanceIdProvider;
     protected IUIDOperatorService idService;
 
     private final Map<String, DistributionSummary> _identityMapMetricSummaries = new HashMap<>();
     private final Map<Tuple.Tuple2<String, Boolean>, DistributionSummary> _refreshDurationMetricSummaries = new HashMap<>();
     private final Map<Tuple.Tuple3<String, Boolean, Boolean>, Counter> _advertisingTokenExpiryStatus = new HashMap<>();
-    private final Map<Tuple.Tuple3<String, OptoutCheckPolicy, String>, Counter> _tokenGeneratePolicyCounters = new HashMap<>();
     private final Map<String, Counter> _tokenGenerateTCFUsage = new HashMap<>();
     private final Map<String, Tuple.Tuple2<Counter, Counter>> _identityMapUnmappedIdentifiers = new HashMap<>();
     private final Map<String, Counter> _identityMapRequestWithUnmapped = new HashMap<>();
@@ -195,7 +193,6 @@ public UIDOperatorVerticle(IConfigStore configStore,
         this.optOutStatusApiEnabled = config.getBoolean(Const.Config.OptOutStatusApiEnabled, true);
         this.optOutStatusMaxRequestSize = config.getInteger(Const.Config.OptOutStatusMaxRequestSize, 5000);
         this.identityV3Enabled = config.getBoolean(IdentityV3Prop, false);
-        this.disableOptoutToken = config.getBoolean(DisableOptoutTokenProp, false);
         this.uidInstanceIdProvider = uidInstanceIdProvider;
     }
 
@@ -487,7 +484,6 @@ private void handleClientSideTokenGenerateImpl(RoutingContext rc) throws NoSuchA
                     new IdentityRequest(
                             new PublisherIdentity(clientSideKeypair.getSiteId(), 0, 0),
                             input.toUserIdentity(this.identityScope, privacyBits.getAsInt(), Instant.now()),
-                            OptoutCheckPolicy.RespectOptOut,
                             identityEnvironment
                     ),
                     refreshIdentityAfter,
@@ -944,50 +940,18 @@ private void handleTokenGenerateV2(RoutingContext rc) {
                     }
                 }
 
-                final Tuple.Tuple2<OptoutCheckPolicy, String> optoutCheckPolicy = readOptoutCheckPolicy(req);
-                recordTokenGeneratePolicy(apiContact, optoutCheckPolicy.getItem1(), optoutCheckPolicy.getItem2());
-
-                if (!meetPolicyCheckRequirements(rc)) {
-                    SendClientErrorResponseAndRecordStats(ResponseStatus.ClientError, 400, rc, "Required opt-out policy argument for token/generate is missing or not set to 1", siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.BadPayload, siteProvider, platformType);
-                    return;
-                }
-
                 final IdentityTokens t = this.idService.generateIdentity(
                         new IdentityRequest(
                                 new PublisherIdentity(siteId, 0, 0),
                                 input.toUserIdentity(this.identityScope, 1, Instant.now()),
-                                OptoutCheckPolicy.respectOptOut(),
                                 identityEnvironment),
                         refreshIdentityAfter,
                         refreshExpiresAfter,
                         identityExpiresAfter);
 
                 if (t.isEmptyToken()) {
-                    if (optoutCheckPolicy.getItem1() == OptoutCheckPolicy.DoNotRespect && !this.disableOptoutToken) { // only legacy can use this policy
-                        final InputUtil.InputVal optOutTokenInput = input.getIdentityType() == IdentityType.Email
-                                ? InputUtil.InputVal.validEmail(OptOutTokenIdentityForEmail, OptOutTokenIdentityForEmail)
-                                : InputUtil.InputVal.validPhone(OptOutTokenIdentityForPhone, OptOutTokenIdentityForPhone);
-
-                        PrivacyBits pb = new PrivacyBits();
-                        pb.setLegacyBit();
-                        pb.setClientSideTokenGenerateOptout();
-
-                        final IdentityTokens optOutTokens = this.idService.generateIdentity(
-                                new IdentityRequest(
-                                        new PublisherIdentity(siteId, 0, 0),
-                                        optOutTokenInput.toUserIdentity(this.identityScope, pb.getAsInt(), Instant.now()),
-                                        OptoutCheckPolicy.DoNotRespect,
-                                        identityEnvironment),
-                                refreshIdentityAfter,
-                                refreshExpiresAfter,
-                                identityExpiresAfter);
-
-                        ResponseUtil.SuccessV2(rc, toTokenResponseJson(optOutTokens));
-                        recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.Success, siteProvider, optOutTokens.getAdvertisingTokenVersion(), platformType);
-                    } else { // new participant, or legacy specified policy/optout_check=1
-                        ResponseUtil.SuccessNoBodyV2("optout", rc);
-                        recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.OptOut, siteProvider, null, platformType);
-                    }
+                    ResponseUtil.SuccessNoBodyV2("optout", rc);
+                    recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.OptOut, siteProvider, null, platformType);
                 } else {
                     ResponseUtil.SuccessV2(rc, toTokenResponseJson(t));
                     recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.Success, siteProvider, t.getAdvertisingTokenVersion(), platformType);
@@ -1131,7 +1095,6 @@ private JsonObject handleIdentityMapCommon(RoutingContext rc, InputUtil.InputVal
                 final MappedIdentity mappedIdentity = idService.mapIdentity(
                         new MapRequest(
                                 input.toUserIdentity(this.identityScope, 0, now),
-                                OptoutCheckPolicy.respectOptOut(),
                                 now,
                                 env));
 
@@ -1186,7 +1149,6 @@ private JsonObject processIdentityMapV3Response(RoutingContext rc, Map<String, I
                     final MappedIdentity mappedId = idService.mapIdentity(
                             new MapRequest(
                                     rawId.toUserIdentity(this.identityScope, 0, now),
-                                    OptoutCheckPolicy.respectOptOut(),
                                     now,
                                     env));
 
@@ -1639,49 +1601,6 @@ private UserConsentStatus validateUserConsent(JsonObject req, String apiContact)
         return UserConsentStatus.SUFFICIENT;
     }
 
-    private static final String POLICY_PARAM = "policy";
-    private static final String OPTOUT_CHECK_POLICY_PARAM = "optout_check";
-
-    private boolean meetPolicyCheckRequirements(RoutingContext rc) {
-        JsonObject requestJsonObject = (JsonObject) rc.data().get(REQUEST);
-        boolean respectOptOut = false;
-        if (requestJsonObject.containsKey(OPTOUT_CHECK_POLICY_PARAM)) {
-            respectOptOut = OptoutCheckPolicy.fromValue(requestJsonObject.getInteger(OPTOUT_CHECK_POLICY_PARAM)) == OptoutCheckPolicy.respectOptOut();
-        } else if (requestJsonObject.containsKey(POLICY_PARAM)) {
-            respectOptOut = OptoutCheckPolicy.fromValue(requestJsonObject.getInteger(POLICY_PARAM)) == OptoutCheckPolicy.respectOptOut();
-        }
-
-        final ClientKey clientKey = (ClientKey) AuthMiddleware.getAuthClient(rc);
-        final ClientKey oldestClientKey = this.clientKeyProvider.getOldestClientKey(clientKey.getSiteId());
-        boolean newClient = oldestClientKey.getCreated() >= OPT_OUT_CHECK_CUTOFF_DATE;
-
-        if (newClient && !respectOptOut) {
-            // log policy violation
-            LOGGER.warn(String.format("Failed to respect opt-out policy: siteId=%d, clientKeyName=%s, clientKeyCreated=%d",
-                    oldestClientKey.getSiteId(), oldestClientKey.getName(), oldestClientKey.getCreated()));
-            return false;
-        }
-        return true;
-    }
-
-    private Tuple.Tuple2<OptoutCheckPolicy, String> readOptoutCheckPolicy(JsonObject req) {
-        if(req.containsKey(OPTOUT_CHECK_POLICY_PARAM)) {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.fromValue(req.getInteger(OPTOUT_CHECK_POLICY_PARAM)), OPTOUT_CHECK_POLICY_PARAM);
-        } else if(req.containsKey(POLICY_PARAM)) {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.fromValue(req.getInteger(POLICY_PARAM)), POLICY_PARAM);
-        } else {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.defaultPolicy(), "null");
-        }
-    }
-
-    private void recordTokenGeneratePolicy(String apiContact, OptoutCheckPolicy policy, String policyParameterKey) {
-        _tokenGeneratePolicyCounters.computeIfAbsent(new Tuple.Tuple3<>(apiContact, policy, policyParameterKey), triple -> Counter
-                .builder("uid2_token_generate_policy_usage_total")
-                .description("Counter for token generate policy usage")
-                .tags("api_contact", triple.getItem1(), "policy", String.valueOf(triple.getItem2()), "policy_parameter", triple.getItem3())
-                .register(Metrics.globalRegistry)).increment();
-    }
-
     private void recordTokenGenerateTCFUsage(String apiContact) {
         _tokenGenerateTCFUsage.computeIfAbsent(apiContact, contact -> Counter
                 .builder("uid2_token_generate_tcf_usage_total")