TCF v2.0 Implementation FAQs

To help you successfully implement TCF v2.0, we’ve put together some frequently asked questions to show best practices and provide practical support. If you have any additional questions, please email framework@iabeurope.eu

What is the TCF v2.0 URL-based service flow with macro substitution?

TCF signals need to be provided to tracking pixels, redirects, user ID matching processes or any other URL-based services that may collect personal information. 

Because the receiving service isn’t able to run JavaScript to access the CMP API in those cases, it should add the placeholders and macros defined in the TCF technical specifications when creating the URL.

Any caller with access to the applicable TC String must apply macro substitutions within a URL containing the macros. 

For macro ${GDPR_CONSENT_XXXXX}, where XXXXX is the numeric Vendor ID of the callee, the caller must also check for an appropriate legal basis in the TC String before replacing the macro. Please see below a sequence diagram that shows the process for the macros:

How to use flexible legal bases?

When registering to the Global Vendor List, a Vendor must indicate the data processing purposes, legal basis and features for which it is acting as a data controller. 

In order to support different publishers and local market preferences, TCF v2.0 allows Vendors to declare two possible legal bases for a given purpose, and specify a default legal basis.

In particular, publishers based in France consider all data processing activities happening on their properties must be based on consent and are likely to instruct their CMPs to apply consent overrides. Vendors operating in this market should communicate with their publisher partners and alternatively, offer flexibility for the data processing purposes they registered based on legitimate interest.

In the example of a vendor registering flexibility for purpose 7, with legitimate interest as its default legal basis :

  • When a publisher makes use of TCF v2.0 restrictions to apply consent over purpose 7, the vendor must check the purpose 7 consent signal of the TC String to determine whether it has a legal basis for processing the user’s personal data and act accordingly;
  • When no restriction applies, the vendor must check the purpose 7 legitimate interest signal of the TC String to determine whether it has a legal basis for processing the user's personal data and act accordingly, and ignore the purpose 7 consent signal.

Further Vendor guidance on flexible legal bases and publishers’ restrictions is available here.

How TCF accommodates controller-processor relationships between Publishers and Vendors?

The TCF v2.0 allows a publisher to manage or store, or instruct its CMP to do so, its own legal bases for a set of personal data processing purposes, including for purposes that are not supported by the Framework. 

The technical specifications provide for this via the optional “Publisher TC segment” in the transparency and consent string (TC String), which represents publisher purposes transparency and consent signals.

Publishers integrating with Vendors acting as their data processor for one or more purposes can rely on The Publisher TC segment to ensure the smooth transmission of their own legal bases. 

Support for the Publisher TC segment is currently optional: Publishers whose advertising activities fall within its scope should ensure the CMP they are working with offers this functionality.

Further CMP guidance on the Publisher TC segment is available here.

Lines (1)