Businesses throughout Europe find adhering to the transparency requirements and privacy regulations of the European Union a challenging task. For years, there has been a severe need for a mutually agreed-upon standard to unite data-driven businesses on a clear approach to dealing with consent and bans on users’ data usage.
Fortunately, the Interactive Advertising Bureau (IAB) Europe has created a solution to establish such a standard for acquiring consent from users that ensures businesses stay compliant with the requirements and regulations set forth by the General Data Protection Regulation (GDPR). That solution is the Transparency and Consent Framework (TCF).
CookieScript is a registered Consent Management Platform at IAB. Full integration with the latest version of IAB TCF 2.0 is available for selected pricing plans.
What is the IAB Transparency & Consent Framework?
The IAB created the TCF to set the standard for how businesses in a wide array of industries can conduct targeted advertisements in a manner compliant with the GDPR. The overall goal of the TCF is to provide the publishing and advertising industries with a straightforward platform to deliver appropriate digital promotions and content based on user consent.
Businesses are now able to take advantage of the TCF’s upgraded capabilities to comply with privacy regulations while transferring consumer data. Plus, consent is now more granular for users, who can now control whether vendors are allowed to use their personal data. Under the TCF, users can grant, refuse, or revoke their consent as well as to object to any data sharing not based on their consent.
IAB TCF and GDPR
The IAB TCF is structured as a GDPR compliant set of technical specifications and policies that provide the framework for website publishers to inform their users of the data they collect and how it’s shared and used by third-party publishers. The TCF was designed by the IAB to ensure publishers, advertisers, and their networks comply with the GDPR as well as the ePrivacy Directive (Cookie Law).
Data protection authorities (DPA) may impose fines (as much as EUR 20,000,000) on publishers who do not adhere to the GDPR. However, the GDPR provided few incentives for publishers to provide consumers with control over the data they were given under EU law. Thus, the TCF has created a means for publishers to adopt similar methods of communicating consent that provide opportunities for further audience monetization and greater ROI.
While businesses are not legally required to use the TCF to comply with GDPR requirements, it does function as a set of useful guidelines that simplify the process. Otherwise, compliance can be a complex, costly, and time-consuming headache.
How does TCF Work?
Under the GDPR, user consent is the most important aspect of data collection from users on publishers’ websites. The TCF simplifies the process for publishers to acquire consent from their users and then share that collected data with advertisers by:
- Establishing industry-wide standards for data collection and processing.
- Ensuring publishers and advertisers maintain GDPR compliance.
- Enabling publishers to be more transparent with their users.
- Allowing users to choose which organization's data is shared with as opposed to a simple yes or no decision on whether their data is shared.
- Relaying user data to third parties down the advertising supply chain.
- Creating “a common language with which to communicate consumer consent for the delivery of relevant online advertising and content.”
The TCF enables users to interface with vendors through the consent management platform (CMP) publishers use. Publishers are able to choose which vendors they work with and their CMP relays that information to their users as well as the purposes their data will be used for. These purposes typically include content personalization, targeted advertising, and more.
The IAB manages a Global Vendor List (GVL) which stores the registration information of vendors who work with website publishers and advertisers and their CMPs. IAB also oversees the compliance process for CMPs participating in the TCF.
Who should use TCF?
Any first-party publisher that transfers user data to third-party advertisers or other parties should utilize the IAB TCF. As highlighted previously, publishers can benefit tremendously from using the TCF because it simplifies their transparency efforts and allows them as controllers of data to have more control over how their users’ data is processed and for which purposes.
Any publisher or website operator within the EU that monetizes their content through third-party advertisers can communicate to vendors the preferences their users have expressed for how their personal data is used. Complying with the GDPR is of the utmost importance to any advertiser or publisher who handles, keeps, or tracks users’ data in the form of cookies, device identifiers, or other tracking technologies. Plus, TCF is also applicable to any organization outside of the European Union that chooses to comply with the GDPR.
IAB Transparency & Consent Framework and CookieScript
CookieScript stays up to date with the latest EU regulations while providing easy-to-use and user-friendly options for maintaining full compliance under the TCF guidelines. CookieScript can be fully integrated into the vast majority of popular hosting platforms, from WordPress and Wix to Shopify, SquareSpace, and more. Website publishers can enable TCF 2.0 compliance features as a supplement to the regular CookieScript functionality by simply going to Banner Settings > Enable IAB TCF 2.0.