Understanding the IAB Transparency and Consent Framework (TCF) v2.2 in 15 minutes (or less!)

The IAB Transparency and Consent Framework (TCF) v2.2 has become a cornerstone in the digital advertising ecosystem, with significant implications for web and mobile app publishers, advertisers, and ad tech partners. Let’s delve into the origins, evolution, and key considerations of TCF v2.2 to gain a comprehensive understanding of its impact in digital advertising and monetization strategies.

The IAB TCF was introduced in 2018 by the Interactive Advertising Bureau (IAB) to facilitate compliance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive, crucial regulations governing data protection and user privacy in the European Union (EU) and the European Economic Area (EEA).

The IAB framework’s primary aim is to harmonize the digital advertising ecosystem’s practices with the regulatory requirements of these EU laws, ensuring transparent data processing and user consent.

The General Data Protection Regulation (GDPR) that was implemented on 25 May 2018 significantly altered the data privacy landscape in Europe. In response, the Interactive Advertising Bureau (IAB) Europe launched the Transparency and Consent Framework (TCF) to provide a standardized approach for obtaining and managing user consent for the processing of personal data in online advertising.

The launch of the IAB TCF framework represented a significant milestone in aligning the digital advertising industry with GDPR and ePrivacy Directive requirements. It provided an initial framework for obtaining and managing user consent in the context of digital advertising, and helping publishers ensure compliance with the GDPR and the ePrivacy Directive.

Building on the foundation of the IAB framework TCF v1.1, TCF v2.1, released on 19 August 2020, addressed specific legal challenges and technological advancements, including the Planet49 ruling and standardized disclosure of cookie operation duration.

The latest iteration, TCF v2.2, introduced on 16 May 2023, represents a response to evolving industry norms and legal requirements. It incorporates feedback from industry stakeholders and has been validated by regulatory authorities, such as the Belgian Data Protection Authority, underscoring its relevance and compliance with data protection regulations.

The Transparency and Consent Framework (TCF) v2.2 continues to adapt to the ever-changing landscape of privacy regulations. This update brings crucial enhancements, ensuring greater flexibility and transparency for publishers, marketers, and app developers:

• Enhanced vendor controls: TCF v2.2 equips publishers with refined tools to control and manage vendor activities. This not only ensures compliance but also empowers publishers to make informed decisions about the third-party technologies they integrate into their platforms.
• Broader scope of features: The latest version expands its coverage, catering to a wider range of advertising scenarios. Whether you’re a publisher, marketer, or involved in app monetization, TCF v2.2 is designed to accommodate diverse use cases, providing a more inclusive and adaptable framework.
• Improved user experience: TCF v2.2 places a strong emphasis on enhancing user experience by offering more granular choices. Users now have clearer options for customizing their consent preferences, fostering a sense of control over their data.

This comparison provides a concise overview of the key differences and advancements introduced in each version of the IAB Transparency and Consent Framework (TCF), highlighting the evolution and progression of the framework to meet the changing industry norms and legal requirements.

The Transparency and Consent Framework (TCF) defines the role of Consent Management Platforms (CMPs) as “software or solution providers responsible for developing notices, such as cookie banners, to inform users and capture their preferences regarding the processing of their personal data”.

To be certified as TCF consent solutions, CMPs must register to participate in the TCF by applying for an annual CMP membership. The TCF-registered CMPs are required to adhere to the TCF Policies, which include providing transparency and choices to users, capturing and storing users’ choices, and ensuring that users’ choices can be communicated to vendors.

All of Usercentrics consent solutions, including Cookiebot CMP, are registered in the TCF and also certified by Google for its publisher requirements, which entered into force in January 2024.

For web publishers, the IAB TCF v2.2 mandates a robust approach to user consent for data processing related to advertising purposes. It requires publishers to provide clear and accessible information to users about the data being collected and its intended use.

Now, let’s go over the TCF v2.2 data collection and processing requirements to keep in mind.

1. Removal of legitimate interest

The IAB framework TCF v2.2 has removed the use of “legitimate interest” as an acceptable legal basis for data processing operations related to personalized ads and content. This change underscores the exclusive reliance on user consent for such purposes, aligning with evolving legal standards and regulatory guidance.

2. Improved user-facing standard texts

Publishers are now required to present improved user-friendly descriptions, replacing the current user-friendly text and mandatory legal text. Additionally, the introduction of new features of processing aims to enhance transparency over the means of processing used by vendors in support of the TCF purposes.

3. Standardization of additional information

To provide greater transparency, vendors must now provide additional information about their data processing operations at registration, ensuring users have access to comprehensive details about data processing activities.

4. Facilitating user withdrawal of consent
Publishers and their consent management platforms (CMPs) are required to ensure that users can easily re-access the CMP UI to manage their choices. This includes providing an equivalent call to action when users re-access the CMP UI to withdraw consent to all purposes and vendors in one click.

In the mobile advertising landscape, the Transparency and Consent Framework (TCF) v2.2 introduces essential guidelines and requirements that advertisers must adhere to in order to ensure compliance, transparency, and effective ad targeting strategies. While delivering digital ads, you should be cautious of the following TCF v2.2 framework components:

TCF v2.2 needs app publishers to disclose the total number of vendors on their vendor list on the first layer of their CMP. Displaying too many vendors can make it hard for users to make informed choices. It’s better to limit the vendor list to include only those that you work closely with.

TCF v2.2 restricts you from using legitimate interest as a legal basis for certain purposes. Vendors must establish consent as their legal basis for the following purposes:

• Create a personalized ads profile
• Select personalized ads
• Create a personalized content profile
• Select personalized content

TCF v2.2 also replaces the currently mandatory legal disclaimers with user-friendly descriptions. You’ll need to include illustrations on the CMP’s second layer to clarify what the different purposes mean.

TCF v2.2 requires publishers to capture user consent for serving both personalized and non-personalized ads, ensuring compliance with user preferences and data protection regulations.

Before TCF, vendors always had to struggle with interoperability issues as they used two sets of guidelines — one by IAB Europe and another one by Google — to transmit consent signals to digital ad supply partners. The good news is Google now supports TCF v2.2, so you can follow a consistent set of guidelines for all ad tech companies.

To work with Google AdSense, Ad Manager, or AdMob, publishers must implement a TCF v2.2 certified CMP, such as Usercentrics (for web and mobile) or Cookiebot Web CMP by Usercentrics. That way, Google’s ad tags and SDKs can easily receive the transparency and consent (TC) string from the CMP.

Similarly, demand-side platforms (DSPs) must adhere to the following guidelines to meet TCF v2.2 requirements.

• Vendor registration: It’s mandatory to register as a vendor in the global vendor list.
• Transparency and consent signal ingestion: Vendors must have a mechanism that supports TC string consumption for processing real-time bidding requests.
• Legal basis for data processing: A legal basis is mandatory for processing sensitive user data.

• Vendors will also have to provide some additional information during registration:
• Categories of data collected and processed
• Details of the data retention period
• A webpage link that reveals a vendor’s legitimate interests

For publishers seeking to monetize their digital platforms, understanding and leveraging the IAB framework is not just a matter of compliance; it’s a strategic move toward sustainable growth. Here’s why TCF matters for publishers in the realms of marketing, growth, and monetization:

1. Building trust: Implementing TCF signals a commitment to user privacy and transparent data practices. This builds trust among your audience, establishing a solid foundation for long-term relationships and user loyalty.

2. Maximizing monetization opportunities: TCF compliance opens doors to a wider range of advertisers, as many demand transparency and adherence to privacy standards. By aligning with TCF, publishers position themselves to capitalize on a broader spectrum of advertising opportunities.

3. Adaptability to changing regulations: As privacy regulations evolve, TCF provides a framework that can adapt, ensuring that publishers stay ahead of compliance requirements. This adaptability minimizes the risk of regulatory penalties and disruptions to revenue streams.

4. User-centric monetization: TCF enables publishers to prioritize the user experience by offering granular consent options. This user-centric approach not only ensures compliance but also fosters positive interactions, ultimately benefiting monetization efforts.

How does TCF v2.2 affect monetization partnerships? Programmatic ad revenues in the post-TCF v2.2 era will rely on your ability to respect user choices and obtain consent. A sharp decline in the consent rate will impact your app monetization potential.

If you’re using Google Ad Manager, your Google AdMob & AdSense account will automatically consume transparency and consumer (TC) strings from the consent management platform you use. TC string is a coded character string that contains every user consent decision-related information.

Since January 2024, Google explicitly requires publishers using Google AdSense, Ad Manager, or AdMob to use a consent management platform (CMP) that has been certified by Google and integrated with the IAB’s Transparency and Consent Framework (TCF) for serving ads in the European Economic Area (EEA) and the UK.

Working with a Google-certified CMP like Usercentrics helps you to hit two birds with one stone—stay TCF compliant while gathering consent and sharing data with your ad tech partner. It’s worth noting here that there’s a huge potential for monetization risks when ad publishers use technologies that block ad delivery in case of no consent string or negative user consent.

When it comes to choosing the right Consent Management Platform (CMP) for TCF v2.2 compliance, Usercentrics offers a comprehensive solution, but there are several important requirements and steps to consider.

1. IAB’s TCF v2.2 integration: Ensure the CMP integrates with the IAB’s TCF v2.2 to work with vendors while reducing data privacy risks and enabling compliance with regulations like the GDPR and ePrivacy Directive.

2. Google-Certified CMP: A CMP integrated with the IAB’s TCF 2.2 is mandatory for all publishers and developers utilizing Google AdSense, Ad Manager, or AdMob to serve ads in the EU/EEA or UK after January 16, 2024.

3. Support for Google’s Additional Consent: The CMP should support Google’s Additional Consent to collect and signal consent for ad tech providers not part of the TCF v2.2 but listed on Google’s Ad Tech Providers (ATPs) list.

• User experience: Considering the strict UI requirements of the IAB TCF v2.2, it’ll be best to pick a CMP that offers a transparent and user-friendly interface, ensuring consistent user experience across all devices.
• Customization flexibility: A CMP that lets you customize the disclaimer display per your website design makes it easier to keep the user experience consistent.
• Integration capabilities: A CMP’s integration abilities are crucial for streamlining data collection and consent management. Consider checking if the CMP integrates with the existing tech stack, including CMS, analytics tools, website, and ad tech platforms that you use.
• Consent granularity: Also, make sure the CMP you choose can capture and manage user consent data at a granular level. The result will be a smooth consent management experience for users—where they can choose preferences for data processing activities, such as third-party data sharing, analytics, and personalized ads.
• Consent records and audit trails: Don’t forget your CMP should also be able to manage user consent records and offer audit trails for compliance. Both record management and audit trails are crucial for maintaining data processing transparency.

Embracing the IAB Transparency and Consent Framework, especially with the latest updates in TCF v2.2, is not just about compliance; it’s about fostering trust, maximizing monetization opportunities, and prioritizing user privacy.

The TCF v2.2 regulations have caused web and app publishers to worry about monetization opportunities, but there’s no reason to worry if you use the appropriate CMP solution.

Partnering with Google-certified CMPs for TCF requirements such as Usercentrics CMP or Cookiebot CMP aids you in collecting consent efficiently, meeting UI regulations, allowing users to modify consent choices, and offering a consistent user experience. Plus, these consent solutions make consent management hassle-free, meaning you can easily overcome the declining consent rate in the European market and boost monetization potential.

Still unsure about how to protect ad revenue while meeting TCF v2.2 regulations? Book a consultation call today to secure monetization opportunities.