TCF 2.0 came into force on 15th August 2020. We have summarised for you the most frequently asked questions about TCF itself and the implementation via the Usercentrics CMP.
What is the IAB?
The Interactive Advertising Bureau Europe (IAB Europe) is an international business organisation for the online advertising sector. In its own words, the organisation represents the interests of companies from the digital advertising and media industry, ensures consistency and standardisation and serves to improve the use of digital advertising channels for advertising customers.
For whom is TCF 2.0 intended?
Anyone who runs a website can potentially be affected by TCF 2.0. However, the TCF is primarily relevant to advertisers and publishers who are directly related to the end user (e.g. through a Web page, app or other content) and whose core business is to monetize their own content through advertising – for example, by displaying digital advertising, collecting user information, or performing measurement or analysis and working with third parties to do so.
What is the TCF?
The “Transparency and Consent Framework (TCF)” of the International Advertising Bureau Europe (IAB) is a technical standard spanning multiple sectors for the retrieval and transfer of a user’s consent signals between publishers and third party providers who have committed themselves to the framework (e.g. Google, Criteo, Quantcast or Taboola). The framework thereby establishes a “common language” on whose basis all participants in the advertising value chain can communicate, and which enables marketing to be conducted legally in the future via these channels.
Why do I need the TCF 2.0?
From 15th August 2020, vendors who have committed themselves to the framework will request consent from users to further process their data and/or to run advertising in the form of an IAB TC string which can only be created by an IAB-certified Consent Management Platform (CMP). The CMP in use by publishers who have activated TCF 2.0 will not block any vendors who have committed themselves to TCF 2.0. The information on whether or not the vendors may use the personal data which has been received is available in the TC string. The vendors are themselves responsible for ceasing the use of personal data if the user has not granted consent.
What is the difference between TCF 1.0 and TCF 2.0?
Detailed information regarding TCF 1.0 and TCF 2.0 can be found here.
When should I start the transition?
The Usercentrics CMP will continue to support TCF 1.1 until 15th August 2020. Parallel to this, it is already possible to update your settings in our CMP interface to version 2.0. You will then be equipped with version 2.0 before the end of the IAB transition period.
What will happen if I don’t transition in time?
TCF 1.1 will no longer be supported by IAB from 15th August 2020. This means your present setup will no longer be supported, advertisements will no longer be run, all of which may have negative implications for your advertising revenue.
How must I implement the Usercentrics CMP so that I can use TCF 2.0?
All information regarding the implementation process in the Usercentrics CMP can be found here. Our Customer Success Team will help you with any further questions.
What creative possibilities do I have with the individual CMP elements once TCF 2.0 is activated?
The guidelines of the TCF, according to the current situation, provide for asking for personal privacy settings via a centrally placed Privacy Wall.
Which vendors use TCF 2.0?
All vendors who have committed themselves to TCF 2.0 can be found on the Global Vendor List (GLV) which is updated weekly by the IAB.
Will Google require TCF 2.0 as a standard?
Yes. Google will, in all likelihood, integrate TCF 2.0. The current situation and further information for publishers can be found here.
Can I continue to work with non-IAB vendors?
Yes. Publishers will also still be able to work with vendors who have not committed themselves to TCF. However, TCF 2.0 stipulates that it must be clear for the user whether the vendor is from the IAB’s Global Vendor List or if it is a non-IAB vendor. For this reason, the framework recommends clearly listing both groups separately.
Can I incorporate non-IAB vendors into the CMP?
This is possible. You can add these services to your configuration as before in the Usercentrics Admin Interface via the menu option “Service Settings”.
Can I simply incorporate the entire Global Vendor List for TCF 2.0?
You can add these services to your configuration in our Admin Interface via the menu option “Service Settings”. However – for reasons of transparency and user friendliness – it is recommended that you do not incorporate the entire list but limit yourself to third party providers to whom data will actually be forwarded for processing.
Does the TCF demand that user consent be obtained every time the Global Vendor List is changed?
Every time the user is shown the privacy banner e.g. on the first visit to the website or when the user wishes to change his or her personal privacy settings, the TCF 2.0 requires that this occurs based on the newest version of the Global Vendor List (GLV).
The TCF 2.0 guidelines do not, however, require that users check and update their selection every time the GVL is updated. The user’s TC strings may, however, not be updated without the user interface being presented once again and the privacy settings preferences queried.
It lies at the discretion of the CMP and/or the publisher to decide whether changes in the GVL compared to a previous version used to confirm the user’s privacy settings justify the banner being shown again.
The TCF 2.0 guidelines merely require that users are reminded every 13 months at the latest of their right to revoke their consent and/or to object to the processing of their data.
Can I amend the text of the Data Processing Services (DPS)?
No. The information about vendors who are registered on the Global Vendor List (GLV) is comprehensively laid down by the IAB and can be amended neither by Usercentrics nor our customers. These texts are automatically entered into the Usercentrics database, updated weekly and publishers can then incorporate them into their CMP.
Information regarding non-IAB vendors can be generated as before from our own service database and it also remains possible to generate custom DPS here. These providers/services will retain the current lock logic through our CMP.
What are so-called “Stacks” with TCF 2.0?
With the update of TCF 1.0 to TCF 2.0 the number of purposes has increased from 5 to 10. The publisher can now combine several purposes as “stacks” to make it easier for the end user to stay on top of things provided the IAB’s requirements are fulfilled.
No. According to TCF 2.0 guidelines the first layer must contain only an action request for the user such that he or she can provide consent (e.g. “Accept”, “OK”, “Allow” etc.) and provide an option to amend the selection (e.g. “advanced settings”, “customise selection” etc.). TCF 2.0 guidelines do not require an action request in the first layer which enables the user to revoke consent. It is up to the publisher whether or not to show a “Reject” button in the first layer if you wish to do so or if local laws require it.
No. With TCF 2.0 only the purposes for which third-party providers use data and the stacks need to be listed. At present, there is no obligation for CMPs to offer users a granular selection option at first. However, it is up to the publisher whether to offer this via the CMP anyway or carry out appropriate amendments if local laws should require this.
As a publisher can I define the legal basis or purposes for individual vendors?
TCF 2.0 offers publishers the option to define which legal bases and for what purpose your users’ personal data can be processed by the respective vendor. Publishers can thereby define customer requirements in accordance with their own commercial and legal considerations, e.g. the exclusive use of explicit consent as a legal basis or, for example, only allow certain processing purposes with selected providers.
What is the difference between Global Scope and Service Specific Scope?
TCF gives publishers two options for how you may wish to share your consent information:
Global Scope: If the user makes a consent decision on a website, this will be stored as part of the framework and all other websites working with a CMP activated for TCF 2.0 and who operate in Global Scope have the ability to access this consent information. Important to know: If the user sets his or her privacy settings in Global Scope, these settings shall be binding for all parties participating in Global Scope. Important: This also applies for cases in which the user does NOT grant consent. For example, if a user makes the decision not to provide consent on another website, all other websites from the group must likewise respect this decision.
Service Specific Scope: Only privacy settings relating to the website for which they were requested are valid here.
Important: Google has announced that it will only support TCF 2.0 in the Service Specific Scope. Further information can be found here.
As a publisher can I define the legal basis for my own (data processing) purposes?
Yes. The guidelines of TCF 2.0 allow publishers to administer and save their own legal bases in their CMP for a variety of data processing purposes. This also applies explicitly for processing purposes which are not supported by the framework. This information can be found in the “Publisher TC Segment” of the TC string which serves to ensure seamless transfer of the publishers’ legal bases to the vendors with whom they work.
Does TCF forbid “continuing to scroll” as consent?
No. No exact definition or guideline can be found in the guidelines of TCF detailing how user consent (e.g. explicit or implicit) is to be obtained. By implication, publishers therefore have the option to regard “continuing to scroll” as user consent.
Where can I find further information about TCF 2.0?
Further information can be found on the official website of the IAB or on in our article “TCF 2.0 explained – the most important new features at a glance”.