The Transparency & Consent (TCF) v2.0 is the product of 12 months of reflection begun in response to feedback from the market, notably publishers, and from EU Member State data protection authorities (DPAs). Launched on the 21st August 2019, the vision for TCF v2.0 is to provide enhanced transparency and choice to consumers and greater control to publishers.
Businesses were given until the 15th August to adopt the new standards and successfully switch across from TCF v1.1 to TCF v2.0. The introduction of TCF v2.0 has welcomed many new Vendors and CMPs who were waiting for the updated policies before joining the only privacy compliance solution that was built by the industry for the industry.
Please see below for Q&As related to TCF v2.0 and the switchover. This Q&A will be updated on a weekly basis so if you have any additional questions not covered below, please email framework@iabeurope.eu
| QUESTION | ANSWER |
| Timelines & Deadlines | |
| When did TCF v2.0 launch? | IAB Europe, in partnership with IAB Tech Lab, announced on 21 August 2019 the launch of the second iteration of Transparency and Consent Framework (TCF) v2.0. The TCF Steering Group (SG) was tasked with drafting the new TCF Policy and IAB Tech Lab managed the technical specifications. With participation from 10 National IABs and 55 organisations, and EU-level associations, publishers, media owners, technology providers, and media agencies, the TCF Steering Group enabled an inclusive, fair and consensus-based participation of stakeholders to deliver the vision.
TCF v2.0 continues to support the overall drive of the TCF to increase consumer transparency and choice, management by digital properties of consent and compliance, and industry collaboration that centres on standardisation. |
| When will TCF v2.0 be officially up and running in the market? | Please note the following TCF v2.0 timeline:
31 March 2020 30 April 2020 31 May 2020 15 August For more information on the revised deadline, please see the press release here. |
| When will TCF v1.1 be switched off? | Technical support for TCF v1.1 will continue through to 15 August 2020, post that date support will be removed. |
| I’m a vendor using TCF v1.1, when should I switch over to TCF v2.0? | It is critical that all vendors complete TCF v2.0 registration by March 31st. When completing your TCF v2.0 registration you have the option to positively confirm that you are already operational for TCF v2.0 or not. If you do not confirm you are operational for TCF v2.0, then your registration will not be published in the TCF v2.0 GVL JSON here. This means that your v2.0 registration choices will not be visible to anyone other than you but importantly your intention to support TCF v2.0 will be captured and IAB Europe and the TCF Steering Group will be able to signal to the market how many vendors have committed to support TCF v2.0.
As soon as you are operational for TCF v2.0, you can update the confirmation field in TCF v2.0 registration and make any other amendments to your registration. You will then be published in the GVL TCF v2.0 JSON. |
| I am a vendor who is already registered for TCF v1.1. Do I need to create a new registration for TCF v2.0? | If you have registered for TCF v1.1 then you do not need to create a new registration for TCF v2.0, you can update your TCF v1.1 registration to include TCF v2.0 by following the log-in process here. This will take you to your TCF v1.1 registration details and enable you to complete and add TCF v2.0 registration.
Your annual TCF fee includes registration for TCF v2.0 |
| I’m a CMP using TCF v1.1, when should I switch over to TCF v2.0? | All CMPs should have code completed for full feature support, deployed in a limited capacity in production environments to monitor and test and fix issues by March 31st 2020. Objective to meet success criteria for general availability readiness.
See timeline described in previous question for further details applicable to CMPs through to the close of support for TCF v1.1 15 August 2020. |
| When will Google partners join the TCF? | Google is a registered TCF v2.0 vendor and CMP. Interoperability for vendors working with Google and TCF v2.0 can be found here. |
| Support & Guidance | |
| What support materials are available for vendors & CMPs to implement TCF v2.0 | In the run up to the switch over deadline, IAB Europe has been running a series of workshops to offer full support and guidance to CMPs and Vendors. The workshops started in January 2020 and will run until the end of Q1. Hosted in a 1 hour-long webinar format, all interested participants are able to dial in and hear from TCF experts on what is needed to fully implement TCF v2.0. All webinars feature Q&A sessions and are recorded. The workshops cover everything from the CMP user interface under TCF v2.0 to Policy and technical specifications differences from TCF v1.1.
Please visit the workshop page on IAB Europe’s website to access previously recorded workshops and presentation decks. You can also sign up for future sessions. This Q&A document should also serve as a resource to help you get all the answers you need to successfully implement TCF v2.0. If you have any additional questions, please contact framework@iabeurope.eu |
| Is there a community forum or channel to connect with other TCF Vendors & CMPs to discuss TCF v2.0 and get additional help and support? | To access IAB Europe’s TCF Slack channels, please see below:
CMP Forum (IAB Europe) - Slack Channel Invitation Link: Click Here General TCF (IAB Europe) - Slack Channel Invitation Link: Click Here |
| TCF v2.0 overview | |
| Why was TCF v2.0 created? | Successful management of technical frameworks over time requires continual consultation with its users and the broad base of stakeholders. For the TCF, that includes publishers, advertisers, media agencies, technology providers, and data protection authorities. Over the past 12 months, stakeholder feedback has been sought, most notably from the publisher community and regulators providing valuable feedback on how the framework can be improved and better serve the community. This has driven the creation and purpose of TCF v2.0. In addition, feedback from regulators on TCF was sought and incorporated.
The vision for TCF v2.0 was to provide enhanced transparency and choice to consumers and greater control to publishers. TCF v2.0 is therefore a superior product to TCF v1.1, with granularity in user choices that data protection authorities have asked for and features and functionality that publishers wanted to see. It is the version of the TCF that Google is implementing. TCF v2.0 will bring an important step-change in digital advertising legal compliance and in the perception of the industry held by regulators. |
| Why should I sign up to TCF if third party cookies will no longer be supported? | - The TCF is technology-neutral and does not exclusively focus on use-cases involving third party cookies. It aims at helping third parties in the digital advertising ecosystem establish a legal basis to process personal data, irrespective of the technologies used to do so. As long as third parties (i.e., that are not the user or the publisher) are involved in the value chain, the TCF delivers on its promise and remains a valuable privacy compliance asset. - The TCF is designed to be an evolving, future-proof and relevant instrument. IAB Europe and TCF's expert instances continuously evaluate and align the Framework with both regulatory and technological developments. |
| What are the main benefits of TCF v2.0? | TCF v2.0 has been developed to provide both users and operators of digital properties such as publishers and advertisers with greater transparency and control. Under TCF v2.0, not only can the user give or withhold consent, but they can also exercise their ‘right to object’ to data being processed on the basis of legitimate interests. It also enables greater transparency for the user, through more detailed and more easily understandable descriptions of the purposes of data processing.
The publisher can also exercise increased control over the purposes for which a vendor can process data collected on their digital property enabling greater customisation of the vendor operation. Vendors can more flexibly choose legal bases, allowing them to support different publisher and local market preferences. These increased levels of transparency and control throughout the supply chain support a more streamlined and transparent user experience. TCF v2.0 continues to support the overall drive of the TCF to increase user transparency and choice, management by digital properties of consent and compliance and industry collaboration that centers on standardisation. Specifically, TCF v2.0 supports: Choice with the introduction of signals that allow CMPs to offer users a streamlined means for users exercising the “right to object” to processing on the basis of a “legitimate interest”. Accountability with a more complete accommodation of the “legitimate interests” legal basis for data processing that allows vendors to receive a signal about whether their legitimate interests have been disclosed. Control with new, granular controls for publishers about the data processing purposes permitted by them on a per vendor basis. Compliance through greater support for the users of the framework in their application of the policies, terms and conditions and technical specifications with increased investment by IAB Europe in the resource to support compliance. |
| What are the main differences between TCF v1.1 and TCF v2.0? | Increased and more “user friendly” detail on purposes. Significant time has been spent tailoring the industry’s standardised processing purposes to make them even more granular and user friendly and to provide some standardised flexibility to publishers in how they wish to message these purposes to their users. There are now 10 purposes (as opposed to 5 in TCF v1.0) and 2 special purposes, 3 features and 2 special features.
A more complete accommodation of the “legitimate interests’ legal basis for processing personal data including signaling whether a vendor’s legitimate interest has been disclosed, and of a user’s “right to object” (RTO) within TCF v2.0 signals. Greater publisher controls that give publishers more granular control over the purposes for which personal data is processed by a vendor on a per vendor basis. v2.0 also allows a vendor to register as capable of operating on multiple legal bases for the same purpose and allows publishers to declare which legal bases they prefer in order to work with vendors for that purpose. This allows vendors to more easily operate in different markets where they and publishers may have different perspectives on the appropriate legal basis on which personal data may be processed. |
| Who should register for the TCF v2.0? | Any vendor or Consent Management Provider (CMP) that wishes to participate in the TCF must register with the TCF.
Vendors who wish to participate in TCF v2.0 must also complete the additional TCF registration required pages for TCF v2.0. The additional registration pages required for TCF v2.0 capture vendor details with respect to the updated purposes, legal basis and features that have been introduced for TCF v2.0. If you are a CMP and have already registered with the TCF then your registration will be updated by IAB Europe for TCF v2.0 when you have completed TCF v2.0 validation. See question below 'How do CMPs get validated for TCF v2.0? '. |
| Can the TCF apply to all inventory types in practice? | No. The TCF applies where information is stored and/or accessed on user devices and/or where personal data is processed. In an "addressability" context, TCF signalling merely supplements addressable inventories to provide information on user preferences with regard to any data collection or processing. Buyers should consider to what extent exclusive reliance on TCF signals may exclude ad inventory in environments that do not allow any data collection. |
| Switching over from TCF v1.1 to TCF v2.0 | |
| Where can I find more information on the differences in policies from TCF v1.1 to TCF v2.0 | Please refer to the deck that IAB Europe presented in the Policy 101 support workshop. This gives an overview of the main differences in Policy between TCF v1.1 and TCFv2.0. This session is for all TCF stakeholders. |
| As a vendor where can we access a test environment? | The IAB Tech Lab and its members have created a code library for processing TC Strings as well as a tool to encode and decode TC Strings: https://www.iabtcf.com
The IAB Tech Lab also provided an update on TCF v2.0 technical resources at a recent IAB Europe TCF v2.0 webinars slides can be found here and the recording here. |
| Where can I find reference implementations that demonstrate the UI? | In January 2020, IAB Europe produced a webinar called “It’s all about the first impression. How the CMP UI should look in TCF v2.0.” To view the recording, please check here: (https://iabeurope.eu/events/tcf-workshop-webinars-switch-over-from-tcf-v1-0-to-tcf-v2-0-support/) |
| How do CMPs get validated for TCF v2.0? | Once IAB Europe has processed your registration and payment of your administrative fee for the TCF you will be asked to take the CMP Validator test. The CMP Validator (Validator) is a tool that helps all CMPs who wish to be members of the TCF check their compliance with the TCF Technical Specifications and Policies.
The Validator is published in the Chrome Web Store in private mode and is only available to CMPs who are registered with the TCF. Details on implementation of the Validator can be found here. To access the Validator, please send an email from your organisation’s domain to: tcf.compliance@iabeurope.eu. Note: A Gmail or G Suite account is required to use the tool. Once we have received your email address, we will confirm that you have access to the Validator so that you can complete the test. Once you have returned a completed successful Validator test, you will be published on the IAB Europe website and also in a JSON file https://cmplist.consensu.org/v2/cmp-list.json for TCF v2.0. You will then be able to operate as a CMP in IAB Europe Transparency & Consent Framework (TCF) v2.0. For any questions, please do not hesitate to email framework@iabeurope.eu. |
| In a recent IAB Europe webinar for TCF v2.0 a new version of the TCF v2.0 Validator was demonstrated, when will it be available for CMPs to access? | CMP Validator updated with TCF v2.0 functionality will be available in the week commencing 9 March 2020. If you already have access to the CMP Validator through the TCF v1.1 compliance process then the Validator will automatically update when the new version is released. You may need to refresh your cache. The CMP community will be notified of this release. |
| What is involved in the CMP validation process? | The validation process requires the CMP to go through a number of technical and policy checks using the CMP Validator and return the results to IAB Europe who will verify the results before confirming that a CMP is compliant. |
| Does the validation process happen at registration only or will it be repeated? | The validation process will be repeated as part of the annual membership renewal. The validation process is the same for TCF v1.1 and TCF v2.0 BUT the list of checks are different in line with the Technical Specifications and Policies for each version. |
| Is it the responsibility of the CMP to determine if it is TCF compliant? | Yes, it is the CMP's responsibility to ensure that its implementations are compliant with the TCF Policy v2.0. If IAB Europe finds non-compliant installations the CMP is given notice to resolve these issues. If they remain unresolved after the notice period, the CMP is suspended from the TCF. |
| Where are the translations of the Purposes, Special Purposes, Features, and Special features and Stacks for the implementation of the TCF v2.0 CMP UI stored? | IAB Europe published translations for TCF v2.0 and they can be accessed at https://register.consensu.org/Translation.
If your language is not translated, please contact us at framework@iabeurope.eu. |
| Where can the list of registered CMPs and Vendors be reviewed? | To review the list of TCF CMPs, visit this page: https://iabeurope.eu/cmp-list/
To review the list of TCF Vendors, visit this page: https://iabeurope.eu/vendor-list/ |
| Is the TCF v2.0 TC string format finalized or could it change before June 30th? | The TCF v2.0 string format is finalised; the TCF managing organisation (IAB Europe) follows a strict process for managing changes that involves the TCF Steering Group, Working Groups and a public comment period. If you are an IAB Europe member and would like to join any of these groups to contribute to the development of the TCF then please contact framework@iabeurope.eu. |
| How can we save the PublisherTC when we are using the global string? | Service-specific TC String must contain a Core TC String and may optionally contain a Publisher TC segment, but must not contain the OOB-related segments because those segments are not allowed in service-specific contexts. The PublisherTC can be saved independently and then merged back into the global string - the javascript library here is currently being updated to enable this. |
| Updates to the GVL and resurfacing the CMP | CMPs are not obliged to resurface the CMP to the user when the GVL changes. It is up to the CMP/publisher to determine if the changes warrant resurfacing the UI. Note that until the UI is resurfaced for an existing user, all signals for new vendors added to the GVL since the user made their choices must be negative. |
| Does OOB allow you to store vendors who are not part of the TCF? | No OOB does not enable you incorporate vendors who are not part of the TCF into the TC String. |
| What is the process for InApp CMP validation? | If you have an in-app or non-Web based CMP you will not be able to use the Validator - please submit V2.0 non-Web based CMP form as part of the compliance process instead of using the Validator |
| TCF v2.0 Compliance | |
| Do standard names and definitions, legal text and user friendly text for purposes, special purposes features, special features and stacks need to be used in line with the TCF v2.0 Policy? | Standard names and definitions found in the TCF Policy must be used throughout the UI with no exceptions including the 1st layer. Please refer to the TCF Policy. They cannot be modified in different layers
For CMPs please note that this is also covered in the TCF v2.0 Validator by policy check 1, which relates to standard names and definitions being shown throughout the UI. |
| Should the UI refer to the names ‘Purpose’, ‘Special Purpose’, ‘Features’, 'Special Features’ and ‘Stacks’? | It is not necessary to refer to these terms in the UI. |
| Do we need to ask for consent per user or per device when our users are logged into several devices? | If the user is logged into several devices with the same username and password and therefore you are certain it is the same user, it is not required to get consent from the user again. |
| Is the TCF limited to cookies and device identifiers? Could the vendor share data with a partner / another vendor using PII such as hashed email addresses or is it out of scope? | The identifier is generated, determined or stored by the vendor. The vendor could use a hashed email instead of user id, providing this is disclosed to the user. |
| How does a publisher ask for consent for its own data processing and include this in the TC String? Does it need to register as a vendor? | Publishers need to get consent for their own data processing. They do not need to register as a vendor but can use the Publisher TC segment of the TC string - see the TCF v2.0 technical specifications. |
| What happens when the user resurfaces the UI? | When resurfacing the CMP UI, the TC string should reflect the choices made by the user when the UI was first shown. If the user makes changes in the re-surfaced UI then those changes must be reflected in the TC string. Consent that has been granted in the first instance would still be valid for data gathered until consent is withdrawn. |
| What should happen when the user clicks an “Accept…” button on the initial layer when there is an existing TC String? | The CMP is permitted to update the TC String with all consent signals set to ‘on’, as resurfacing the UI and selecting "Accept all" is considered as "Affirmative action". |
| What are publisher restrictions? | TCF v2.0 introduced the ability for publishers to signal restrictions on how vendors may process personal data:
Publisher restrictions are custom requirements specified by a publisher and must only be saved to a service-specific TC String. Please refer to the Technical Specifications |
| Who do I contact if I have a Q on TCF Compliance? | For questions on TCF compliance, please contact: tcf.compliance@iabeurope.eu. |
| Who do I contact if I have Qs that relate to TCF Policies, Technical Specifications, or technical implementation? | For questions on TCF Policies, Technical Specifications and TCF technical implementation, please contact: framework@iabeurope.eu. |
