Businesses throughout Europe find adhering to the transparency requirements and privacy regulations of the European Union a challenging task. For years, there has been a severe need for a mutually agreed-upon standard to unite data-driven businesses on a clear approach to dealing with consent and bans on users’ data usage.
Fortunately, the Interactive Advertising Bureau (IAB) Europe has created a solution to establish such a standard for acquiring consent from users that ensures businesses stay compliant with the requirements and regulations set forth by the General Data Protection Regulation (GDPR). That solution is the Transparency and Consent Framework (TCF).
CookieScript is a registered Consent Management Platform at IAB and is a Google CMP partner, recomended by Google for the implementation of Google Consent Mode and Google Tag Manager. Full TCF 2.2 integration with the latest version of IAB TCF 2.2 is available for selected pricing plans. With CookieScript, you can use all functionalities of Google’s advertisement products like Google AdSense, Ad Manager, or AdMob.
What is the IAB Transparency & Consent Framework?
The IAB created the TCF to set the standard for how businesses in a wide array of industries can conduct targeted advertisements in a manner compliant with the GDPR. The overall goal of the TCF is to provide the publishing and advertising industries with a straightforward platform to deliver appropriate digital promotions and content based on user consent.
TCF 2.2 – the latest version of the TCF – has been revamped in order to expand its ability to provide technical specifications and policies for companies that use cookies to deliver ads, maintain user profiles, and conduct ad or content analysis online. Many users found challenges in the first version of the framework, so TCF 2.2 has been upgraded in order to address these challenges and enable enhanced consumer transparency and choice.
Businesses are now able to take advantage of the TCF’s upgraded capabilities to comply with privacy regulations while transferring consumer data. Plus, consent is now more granular for users, who can now control whether vendors are allowed to use their personal data. Under the TCF, users can grant, refuse, or revoke their consent as well as to object to any data sharing not based on their consent.
IAB TCF and GDPR
The IAB TCF is structured as a GDPR compliant set of technical specifications and policies that provide the framework for website publishers to inform their users of the data they collect and how it’s shared and used by third-party publishers. The TCF was designed by the IAB to ensure publishers, advertisers, and their networks comply with the GDPR as well as the ePrivacy Directive (Cookie Law).
Data protection authorities (DPA) may impose fines (as much as EUR 20,000,000) on publishers who do not adhere to the GDPR. However, the GDPR provided few incentives for publishers to provide consumers with control over the data they were given under EU law. Thus, the TCF has created a means for publishers to adopt similar methods of communicating consent that provide opportunities for further audience monetization and greater ROI.
While businesses are not legally required to use the TCF to comply with GDPR requirements, it does function as a set of useful guidelines that simplify the process. Otherwise, compliance can be a complex, costly, and time-consuming headache.
How does TCF Work?
Under the GDPR, user consent is the most important aspect of data collection from users on publishers’ websites. The TCF simplifies the process for publishers to acquire consent from their users and then share that collected data with advertisers by:
- Establishing industry-wide standards for data collection and processing.
- Ensuring publishers and advertisers maintain GDPR compliance.
- Enabling publishers to be more transparent with their users.
- Allowing users to choose which organization's data is shared with as opposed to a simple yes or no decision on whether their data is shared.
- Relaying user data to third parties down the advertising supply chain.
- Creating “a common language with which to communicate consumer consent for the delivery of relevant online advertising and content.”
The TCF enables users to interface with vendors and Google Ad Tech Providers through the Consent Management Platform (CMP) publishers use.
IAB TCF 2.2 Vendor List and Google Ad Tech Providers
Publishers can choose which vendors and Google Ad Tech Providers to work with and their CMP relays that information to their users as well as the purposes their data will be used for. These purposes typically include content personalization, targeted advertising, and more.
The IAB TCF 2.2 manages a Global Vendor List (GVL) which stores the registration information of vendors who work with website publishers and advertisers and their CMPs. It also oversees the compliance process for CMPs participating in the TCF.
To comply with the Europe's GDPR and the UK's DPA 2018, Google allows publishers to select which ad technology providers are allowed to serve and measure ads in the European Economic Area (EEA) and the UK to support ad delivery, ad measurement, and other functions. Google EU User Consent Policy requires that publishers clearly identify each party with whom data is shared. Publishers can use a custom or default set of Google ad technology providers. In all cases, they need to list these providers for their users.
All Google ad technology providers listed have shared certain information that is required by the GDPR, a link explaining their data usage, and they have agreed to comply with Google data usage policy. Publishers can view these controls and the list of ad technology providers in their Ad Manager, AdSense, or AdMob account.
To enable the selection of the Global Vendor List (GVL) and Google Ad Tech Providers, you need to use a CMP that has the full IAB TCF 2.2 integration. You can select vendors and Google Ad Tech Providers using the CookieScript CMP!
Read the related information:
- The list of Google Ad Tech Providers.
- The guide about how to enable the IAB TCF 2.2.
- The guide about how to select global vendors and Google Ad Tech Providers.
Who should use TCF?
Any first-party publisher that transfers user data to third-party advertisers or other parties should utilize the IAB TCF. As highlighted previously, publishers can benefit tremendously from using the TCF because it simplifies their transparency efforts and allows them as controllers of data to have more control over how their users’ data is processed and for which purposes.
Any publisher or website operator within the EU that monetizes their content through third-party advertisers can communicate to vendors the preferences their users have expressed for how their personal data is used. Complying with the GDPR is of the utmost importance to any advertiser or publisher who handles, keeps, or tracks users’ data in the form of cookies, device identifiers, or other tracking technologies. Plus, TCF is also applicable to any organization outside of the European Union that chooses to comply with the GDPR.
IAB Transparency & Consent Framework and CookieScript
CookieScript functions as a solution for ensuring website cookies comply with the latest ePrivacy regulations from the GDPR. Since EU fines for non-compliance with data regulations are so high, having the tools to comply with the latest in Privacy Policy regulations is critical for business websites’ online efforts as well as their long-term financial success.
CookieScript stays up to date with the latest EU regulations while providing easy-to-use and user-friendly options for maintaining full compliance under the TCF guidelines. CookieScript can be fully integrated into the vast majority of popular hosting platforms, from WordPress and Wix to Shopify, SquareSpace, and more. Website publishers can enable IAB TCF 2.2 compliance and select global vendors and Google Ad Tech Providers.
Frequently Asked Questions
What is the Interactive Advertising Bureau Transparency and Consent Framework?
The Transparency and Consent Framework (TCF) was created by the Interactive Advertising Bureau (IAB) to standardize how businesses run targeted advertisements while also remaining in compliance with the GDPR. It’s essentially a framework for running online ads with the appropriate consent levels in place.
What’s the purpose of the TCF?
The Transparency and Consent Framework allows for publishers to use similar communication methods while following the GDPR. You don’t need to follow the TCF to be in GDPR compliance, but it does provide a useful set of guidelines to help ensure compliance. It essentially simplifies some of the complexities surrounding the GDPR.
How does the Transparency and Consent Framework work?
The TCF makes it easier for publishers to gain the consent of users and share that data with advertisers. It allows users to interact with vendors through the Consent Management Platform of the publishers.
Who needs to use the TCF?
The TCF was designed for any first-party publisher working with advertisers. It was designed to simplify the transparency process and provides more control over the data processing of its users.
What’s the Best Way to use the IAB’s Transparency and Consent Framework?
Complying with the GDPR is essential for any first-party publisher that transfers data to third-party publishers. You can use the TCF to stay within GDPR compliance by finding a registered Consent Management Platform (CMP) like CookieScript, through the Interactive Advertising Bureau.
What are Google ad technology providers?
To comply with the GDPR and the DPA 2018, Google allows publishers to select which ad technology providers are allowed to serve and measure ads in the EEA and the UK to support ad delivery, ad measurement, and other functions. See the list of Google Ad Tech Providers. You can select the default or a custom set of Google ad technology providers by using a Consent Management Platforms (CMP), that has the IAB TCF 2.2 integration. Select Google Ad Tech Providers using the CookieScript CMP!
What is a Global Vendor List?
The IAB TCF 2.2 manages a Global Vendor List (GVL) which stores the registration information of vendors who work with website publishers and advertisers and their Consent Management Platforms (CMPs). It also oversees the compliance process for CMPs participating in the TCF. With CookieScript CMP, that is a registered CMP at the IAB, you can select vendors from a Global Vendor List, and comply with the GDPR.