Things are going well, but there are opportunities for improvement
Since its release in Spring 2018, the IAB Europe Transparency & Consent Framework (TCF) has seen significant uptake. Already, it is the largest collaborative effort by the advertising industry to programmatically provide users with notice and choice about how their data is processed. It has been a key pillar in the advertising industry’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) compliance efforts. More than 460 registered Vendors are receiving and responding to consent signals created by Internet users interacting with over 170 registered Consent Management Platforms (CMPs) spanning thousands of websites and apps. EU users have more transparency and control than ever before.
Despite its success, the TCF remains a relatively new standard with potential for improvement. This is why IAB Europe and its members have been working on a Version 2 since the TCF’s initial release. Version 2 will add new capabilities, including some intended to provide Publishers with greater control over how Vendors collect and process the personal data of Internet users visiting their websites or apps. It will also provide more flexibility to Vendors in supporting Publisher and Advertiser needs. And, of course, TCF Version 2 will further enhance transparency and control for Internet users.
IAB Europe and its members have also been monitoring the way companies implement the TCF and continue to identify opportunities for improvement. As the TCF is relatively new, it is only natural that despite best efforts some companies and implementations fall short of expectations. For the TCF to be successful, it is critical that all involved implement it correctly, which is why IAB Europe’s first priority is to ensure that CMPs are educated about the proper use and implementation of the Framework. We want to achieve this by continuing and improving our education efforts in the market. But to ensure adherence to technical specifications and Policies and enhance trust in the reliability of the Framework we must ultimately do even more. That is why in the coming months IAB Europe will also be leading a CMP compliance review program, working closely with CMPs to support adherence and compliance with TCF technical specification and Policies.
But what do we mean by CMPs? When IAB Europe refers to CMPs it refers to a defined term in the context of the TCF. Specifically, we mean the entity responsible for providing transparency to users about which Vendors want to process their personal data and for which Purposes using information published on the Global Vendor List (GVL), requesting user’s consent to the processing of their personal data, and creating and sending signals about user choices to Vendors in the form of a consent string.
CMPs must register with IAB Europe, and agree to adhere to TCF technical specifications and Policies, including UI/UX requirements. CMPs within the TCF receive a unique CMP ID that identifies a consent string as having been generated by a specific, identified, registered CMP. IAB Europe maintains a public list of registered CMPs and their assigned CMP IDs, which can be consulted to determine which CMPs are registered and what their CMP IDs are. It is not possible for non-registered CMPs to send TCF-compliant consent strings.
While IAB Europe will be providing more detailed formal implementation instructions to CMPs in the coming months as it finalizes updates to the TCF, this blog series will focus on some of the most common issues we have identified with respect to CMPs.