TCF 2.0 explained – the most important new features at a glance

TCF 2.0 explained – the most important new features at a glance

by Usercentrics
May 7, 2020
Book a demo
Learn how our consent management solution can improve privacy and user experience for your users.
Get your free data privacy audit now!

Things are starting to get serious!  The TCF 2.0 is about to roll out with the current deadline set to the 15th of August. But what does this exactly mean for publishers, advertisers or agencies and what they have to pay attention to? This and more will be explained in the following.

TCF 2.0 – more clarity, more data protection 

TCF 2.0 is the revised edition of the original “GDPR Transparency and Consent Framework (TCF)”, which was launched in March 2018 by the International Advertising Bureau (IAB) Europe as version 1.0.

The TCF provides a standardized technical infrastructure for the query and transmission of user consent between publishers, advertisers, publishing houses and their technology partners.  

The goal of this framework is to standardize how companies – publishers, advertisers and agencies, but also AdTech providers – can continue to deliver programmatic advertising without violating the GDPR regulations.

This is because anyone who intends to collect and utilize user data in compliance with GDPR must follow strict guidelines. Namely, 1) not only inform their users how and for what purpose the data will be used, but also 2) obtain their consent for the use of the data for specific purposes.

And why soon, nothing will function without a CMP

Numerous essential actors and technology providers in the AdTech landscape have already committed themselves to support this framework. First and foremost Google, but also Criteo, Xandr, Adition, Quantcast, Taboola, MediaMath, etc.

In other words: many vendors will no longer support advertising where no associated IAB Transparency & Consent String (TC String)  can be queried via the website’s CMP. Without this TC String, the vendor cannot be sure that there is a legal basis for the display of advertising. This is a procedure that is likely to become increasingly prevalent among vendors.

What does this mean for publishers and advertisers? Anyone who wants to display advertising via vendors who have adhered to TCF 2.0 can only do so by transmitting the user consent in the form of a TC string. Please note: This TC String can only be generated via an IAB certified Consent Management Platform (CMP). 

So anyone wishing to continue using the data collected from their website visitors for advertising purposes cannot avoid an IAB-certified CMP.

Protect your advertising revenues and count on the IAB certified Usercentrics CMP – Request a demo now!

Would you like to learn more about the IAB Framework? For more information and facts regarding  the TCF, please click here. 





As of when does the TCF 2.0 take effect?

On the 31st of March 2020, version 1.0 of the “GDPR Transparency and Consent Framework (TCF)” of IAB Europe will be officially replaced by the TCF 2.0. As of Q3/2020, Google, for example, also plans to incorporate the 2.0 version. 

But don’t panic just now: In order to give vendors enough time to implement the new framework, the TCF 1.0. will continue to be backed up/ supported in the coming months – until 14th of August 2020 to be exact – according to IAB Europe. This means that things will only get really serious towards the end of Q3/2020, when the TCF 1.0 must be completely replaced. 


What advantages does the TCF 2.0 offer?

For publishers: 

TCF 2.0 gives publishers more control and flexibility to integrate and collaborate with their respective technology platforms. Thanks to the new Publishers function, you can place a

limit on the purposes for which personal information from providers is processed on a publisher’s website through a per-provider basis.

For users: 

With the TCF 2.0, users can give or withhold their consent and exercise their right to object to the processing of their data. Users also gain more control over whether and how providers are allowed to use certain data processing functions, for example, when using precise geolocation.


What’s new in TCF 2.0? What has changed from the previous version?

The most important changes at a glance:

⇨ Stronger focus on “legitimate interest”: Vendors can invoke their “legitimate interest” for certain “purposes”. The user now has the opportunity to object to this. 

⇨ More “Purposes”: The number of “Purposes” for processing Tracking Data has been increased two-fold.  

⇨ Special Purposes: There are two uses that users cannot object to due to security reasons

⇨ Special Features: From now on, certain features require a separate opt-in. For example: the use of geolocation data.

⇨ Technical instructions for mobile apps: Version 2.0 contains detailed information regarding the standardised storage of            Cookie  Consent in apps.


Detailed information regarding all Purposes and Features can be found here.


Checklist: What do I have to do as a website operator to prepare for TCF v2.0?


Do you already use a CMP?

✔Check if your CMP is IAB certified.

If yes, find out if your CMP supports the TCF 2.0 standard 

If your CMP only supports the TCF 1.0 and you still need to upgrade to TCF 2.0, contact your CMP provider to determine if the requirements are met.

 If not, look for a vendor whose CMP is IAB-certified. How to change your CMP provider and why this process is easier than expected is explained here.


Please note: The changes for the second version of the TCF are so extensive that a completely new implementation is required. With the list of new features, purposes and stacks and the resulting new structure for the content string along with a number of other changes, none of the updates can be assigned to an earlier version, specifically version 1.0. In addition, after an initial transition phase in the version 2.0, older versions will no longer be supported.


Do you not have a CMP in use yet?

✔Search for a suitable CMP provider. Find out what makes a strong and compliant CMP and how to find the right CMP for your company in our  Buyers Guide

Home Resources Article TCF 2.0 explained - the most important new features at a glance

Related Articles

South Africa’s Protection of Personal Information Act – an overview

South Africa’s Protection of Personal Information Act – an overview

South Africa’s POPIA is a data privacy law that preceded the GDPR by five years. We look at how...

Brazil’s General Data Protection Law / Lei Geral de Proteção de Dados (LGPD) – an overview

Brazil’s General Data Protection Law / Lei Geral de Proteção de Dados (LGPD) – an overview

Brazil’s LGPD builds on existing Brazilian law and is influenced by the GDPR. We look at how it addresses...