william littman headshot Posted by William Littman August 20, 2020

Are you ready to build improved customer trust with IAB TCF 2.0?

In partnership with IAB Europe, the IAB Tech Lab launched the second iteration of the Transparency and Consent Framework (TCF) v2.0 on 15 August 2020.  The original framework, TCF (v1.1), was enacted in April 2018 as a vehicle to help digital advertising industry participants to achieve compliance with the General Data Protection Regulation (GDPR) and ePrivacy Directive. At the core of TCF is a voluntary framework that provides publishers with the appropriate means for notifying their site users about the data that is being collected, how the publisher or vendor intends to use such data and enables users to exercise total control over this processing.

IAB’s stated vision for TCF v2.0 is to grant superior transparency and choice to consumers and greater control to publishers. But it has also been seen as an attempt to ensure that adtech vendors and publishers stay ahead of the regulators, following criticism from the UK Information Commissioner’s Office (ICO) in their ‘Adtech Update Report’ last June. Indeed, TCF v2.0 represents a drastic revamp of the original framework, greatly expanding publishers’ insight into the data practices of their vendors and providing the functionality to manage user consent throughout the entire adtech ecosystem.  

Enhanced privacy protection

So what does TCF v2.0 achieve from a regulatory perspective? TCF v2.0 is a superior product to v1.1 for a number of specific reasons:

  • Enhanced granularity and user-friendly processing purposes 

The framework has been expanded from five to ten purposes, with the addition of two special purposes, two features, and two special features.  A “purpose” is one of the delineated reasons for the processing of data, including the personal data of users by vendors.  A “special purpose” is a separate basis for processing data to which the user may not object due to security reasons.  A “feature” is the method by which a vendor may process the data in furtherance of the purpose, including the use of IP addresses or combining online data with offline data.  Finally, certain “special features,” such as the use of geolocation data, will require a separate opt-in. These changes enable the user to make more informed choices, meaning fewer loopholes for adtech vendors and greater transparency for users about how their personal data is used.

  • More complete accommodation of “legitimate interests”

Vendors will no longer be able to process personal data unless their “legitimate interest” has been disclosed to the user via an explicit signal. Legitimate interest is a valid basis under GDPR for processing personal information.  Examples include processing personal data to prevent fraud, for internal administrative purposes relating to employees and clients, to ensure network and information security, and to report possible criminal acts or threats to public security to a competent authority.  While legitimate interest may also be used for direct marketing purposes, this language does not justify all forms of marketing and pre-checked opt-ins.  This is where TCF v.2.0 will provide explicit transparency to the user and the opportunity to opt out.

  • Improved publisher controls

Publishers may control processing on a per vendor basis by specifying custom requirements relating to the purpose(s) for which the data is processed, and the legal basis upon which the publisher requires the vendor to operate.

  • Right to Object (RTO) to processing based on a legitimate interest

Users may communicate their RTO to processing directly to Consent Management Platforms (CMPs) via a standardized consent signal, that will then be sent directly by the CMP to vendors in the ecosystem.

Interoperability with Google CMP

A previous drawback of the TCF was the reluctance of large tech companies to adopt the framework. In a big win for industry traction, Google’s Consent Management Platform will integrate with the consent data signals in the TCF v2.0 supply chain.  Previously, Google maintained its own set of rules, creating interoperability issues as vendors had to wrangle with two different sets of guidelines governing how consent signals are transmitted to digital ad supply partners. Given Google’s dominance of the ad market, their participation provides a huge incentive to processors to join and many observers feel this will be key to driving the adoption the framework.

Fast-track to IAB TCF 2.0: Your chance to build trust

Whether you’re a publisher, advertiser, or vendor – TCF v2.0 should be embraced as an opportunity to work with your Consent Management Provider to enable enhanced privacy protections, and by extension, improved customer experiences. Indeed, the enhanced v.2.0 framework presents a unique opportunity to let your customers know that you respect their personal data and adhere to industry best practices.

Crownpeak, has been a member of IAB Europe and a registered CMP since the TCF framework was first released, and has been working to increase transparency and trust in advertising for more than a decade. Our Universal Consent Platform, provides full support for TCF v2.0 and adopting the platform, or transitioning to the latest v2.0 framework, is quick and easy.

Speak to one of our Privacy experts today to get on the fast track to TCF v2.0 compliance.