Find out what the IAB’s Transparency and Consent Framework (TCF 2.0) means for your site and how to find a consent management platform (CMP).
Getting TCF 2.0 Ready
On Saturday, August 15th 2020 the second evolution of the IAB’s Transparency and Consent Framework (TCF 2.0) was launched. For those not familiar with the TCF, it is a framework developed by the IAB Europe and the IAB Tech Lab to enable publishers and various players within the complex ad tech space to be compliant with the European Union’s General Data Protection Regulation (GDPR).
Update: find out how to serve ads without user consent here.
What is the Transparency and Consent Framework (TCF)?
TCF 1.0 was launched in March 2018 and offered an extremely helpful roadmap to publishers, SSPs, ad networks and various ad tech players to ensure that all relevant parties within the ecosystem could create a path towards GDPR compliance.
Prior to the establishment of the TCF there was some degree of worry (some might say panic) within the industry around how to ensure compliance with the new EU regulations. The TCF provided a much needed framework.
Key elements of the TCF were the definition of purposes required, features and technologies used by vendors and the creation of a Global Vendor List (GVL). The GVL is a list of IAB-approved vendors and ad technology suppliers that are GDPR compliant. This established a legal basis for vendors (e.g. sell side platforms ‘SSPs’, demand side platforms ‘DSPs’, ad-servers and data management platforms) worldwide to gather consent in accordance with European law. The TCF also provided a similar framework for advertisers, agencies, and of course, publishers.
From the publisher perspective, the key development of the TCF was the recommendation to have a process to ‘unambiguously’ get users’ consent for collecting, processing and using their data. Getting such consent requires a pop up graphical user interface or modal that requests consent from the user and an underlying codec and API to process the consent after it has been gathered. This is known as a Consent Management Platform (CMP).
What is the difference between TCF 1.0 and TCF 2.0?
Many felt that TCF 1.0 was too restrictive, overly focused on the needs of the big ad tech players, and not attuned enough to the needs of consumers and publishers. While TCF 1.0 (and the subsequently revised TCF 1.1) provided much much needed guidance for the industry in 2018, it also had a number of drawbacks such as:
- Google the dominant ad tech player chose not to be part of TCF 1.0
- Skepticism on the part of many publishers who chose not to implement a CMP or pass consent strings to SSPs
- Lack of provision for legitimate interest
- Confusion around enforcement
- Many publishers took the approach that until Google forced their hand, it was business as usual
- Lack of adherence to an agreed framework by bad actors
TCF 2.0 aims to address many of these limitations. Perhaps one of the biggest developments with TCF 2.0 is the participation of Google, the dominant ad tech player – they have committed to the new framework and are encouraging AdSense publishers to become compliant by September 30th. The other main differences between TCF 1.0 and 2.0 are as follows:
- Consumers get more control over how vendors can use certain features of data processing
- The inclusion of legitimate interest provisions
- Improved regulation and self-enforcement
- Enhanced control for publishers
- Policing by the IAB when TCF policy violations occur
- Closure of loopholes in the policies making it possible to gather non GDPR compliant consent
How can I ensure my site is TCF 2.0 compliant?
The overriding element of TCF 2.0 that publishers need to be aware of is that the industry is now moving to a ‘full consent string’ and that failure to capture such consent will likely mean the following:
- Significantly reduced delivery of ad requests from various SSPs – applicable to both personalized and non-personalized ads.
- In some instances, the non delivery of ad demand from certain SSPs and demand partners – Google, in particular, have flagged that, “if consent is missing for Google for Purpose 1 in the TC string, Google will drop the ad request and no ads will be served.”
Publishers may already have a functioning CMP compliant with TCF 1.0 – however, it is important to ensure that their website will be compatible with TCF 2.0 sooner rather than later. We have put together a TCF 2.0 compatibility checklist to help guide publishers:
Choose a Consent Management Platform (CMP) – the crucial element here is to make sure the CMP you use is compatible with TCF 2.0 (Snigel provides an IAB approved TCF 2.0 compatible CMP). Contact us here to learn more.
Ensure that your chosen CMP is on the IAB Approved CMP list – the IAB are constantly updating their list of approved CMP providers which you can find here.
The TCF2.0 grace period deadline has been extended – in conversations with Google’s experts 14 January, 2021 was named as the deadline. Thereafter, failure to be TCF 2.0 compliant will mean reduced advertising demand and revenue loss.
To find out more about header bidding see what is header bidding.
To wrap up, TCF 2.0 and the process of being fully GDPR compliant is a complex and challenging topic, particularly for publishers who haven’t been using a CMP to date.
We understand that for many publishers the looming deadline to become TCF 2.0 compliant by September 30th is stressful and an additional burden to manage.
You can find additional information and guidance from both the IAB and Google below: