Configure the Vendors¶
Global Vendor List (GVL)¶
Under Service Settings, you can configure the Global Vendor List, as well as Google Vendors, that you are using on your site. The list shown under Global Vendor List contains the vendors of the TCF 2.2 Global Vendor List. The CMP automatically updates the list, and the active version can be seen within the Admin UI just above the list of vendors. The list of vendors, and their information, is provided by the IAB through the vendor registration, and it must be used as is.
Activating a vendor by checking the box on the left of each vendor will add it to the CMP, and disclose it towards the user. Similarly, you can always deactivate a vendor again. If opening the dropdown menu for each vendor, it is visible for what purposes the vendor is registered.
Data Transfer Outside of EU/EEA
Inside each vendor, you can specify if the vendor is transferring data outside the EU / EEA”. The information will be displayed inside the respective vendor on the second layer of the CMP.
Stacks¶
Stacks are combinations of Purposes and/or Special Features of processing personal data used by the participants in the Framework.
These stacks may be used to substitute Initial Layer information about two or more Purposes and/or Special Features.
Using Stack 1 and Stack 42” is the most common Stacks combination”
Important
Purposes must not be included in more than one stack and must not be presented as part of a Stack and outside of Stacks at the same time. Conversely, any stacks used must not include the same Purpose more than once, nor Purposes should be presented separately from stacks.
Publisher Restrictions¶
TCF 2.2 allows you to signal restrictions on how the vendors may process personal data. It is possible to either restrict the purposes for which personal data is processed or specify the legal basis for vendors that signaled flexibility on the legal basis in the Global Vendor List.
Once a purpose has been restricted in the Admin Interface, a vendor must respect the restriction signal that disallows the processing for the specific purpose regardless of whether or not they have declared that purpose to be flexible.
Behaviour for flexible purposes
In the case that a vendor declared a purpose with a default legal basis (consent or legitimate interest) but also declared this purpose as flexible, the legal basis restriction must be respected if set in the Admin Interface. That means for example if a vendor declared a purpose as legitimate interest but also declared that purpose to be flexible and the legal basis was restricted to consent, the vendor must check for the consent signal and must not apply the legitimate interest signal.
Disable legitimate interest
In case you want to disable legitimate interest for your TCF 2.2 CMP, you need to restrict all purposes to consent in the Admin Interface.
Google Vendors¶
Some vendors choose to not register for TCF, but are instead registered with Google as “Ad Technology Providers” within the Additional Consent requirements. You can activate and deactivate Google vendors in this section.
Information about Google Vendors, is not visible in the TCF signal (TcString) however a list of consented vendors is available through the TCF API.
Google is responsible for maintaining the list of active Google ATP’s, and if a vendor is also registered with TCF, Google documents that they will then not be adding the vendor to the ATP list.
You can read more about Google’s Additional Consent framework here.
Data Processing Services¶
Vendors that are not part of TCF’s Global Vendor List or Google’s ATP framework, have to be configured as Data Processing Services.