What is the IAB TCF Framework? Everything you need to know in 2024

With the publication of the IAB's TCF 2.2 framework businesses now have to ensure enhanced user control and transparency over data. In this article we are discussing what the TCF framework is, detailing things such as the fact that TCF 2.2 requires consent for specific personal data processing, aligning with GDPR rules and emphasizing consent as the legal basis for data processing. Businesses need to make technical updates and provide clear, easy-to-understand information to meet these strict consent requirements, which can be challenging.

Clym helps with TCF 2.2 implementation by offering a compliance tool that integrates the framework helping businesses simplify consent management, ensuring compliance with GDPR and user-friendly data processing.

Many businesses nowadays process the personal information of users in order to create content that is personalized which leads to concerns about the privacy of the data and creates an obligation for businesses to obtain consent for such processing, to ensure transparency, while also engaging in digital advertising. 

In order to address these concerns, the Interactive Advertising Bureau (IAB) introduced the Transparency and Consent Framework (TCF). Since its introduction back in 2018, this framework has become one of the tools for businesses and advertisers to navigate the complex terrain of data privacy and compliance. 

As of January 2024, Clym is proud to announce its approved status as the newest CMP to join IAB Europe's Transparency and Consent Framework v2.2 TCF. 

What is the IAB TCF Framework?

The IAB TCF is a standardized framework designed to facilitate transparency and obtain user consent in the digital advertising ecosystem globally. It provides guidelines and specifications that help organizations comply with data protection regulations, most notably the General Data Protection Regulation (GDPR) in the European Union. 

The IAB Transparency and Consent Framework (TCF) is used worldwide. It helps the digital advertising industry comply with privacy regulations, like the GDPR in the EU, by providing a standardized way to obtain and manage user consent for personal data processing in online advertising. Organizations globally can adopt its principles to improve user privacy and meet data protection laws.

What are the Key Elements of the IAB TCF Framework? 

1. Consent Strings: The TCF introduces the concept of "consent strings," alphanumeric codes conveying user consent preferences. These strings enable advertisers and vendors to understand the user's consent choices regarding data processing.
2. Purpose IDs: The framework categorizes data processing purposes into specific Purpose IDs. These Purpose IDs help in clearly defining the reasons for collecting and processing user data, ranging from analytics to personalized advertising.
3. Vendors, Publishers, and CMPs: The TCF distinguishes between vendors (advertising technology companies), publishers (owners or operators of online content or services where personal data is collected), and Consent Management Platforms (CMPs) responsible for collecting and managing user consent. This separation streamlines the communication process between websites and vendors, ensuring compliance with user preferences.

How does the IAB TCF Framework Help Businesses?

1. Facilitates Global Compliance: As data protection regulations evolve worldwide, the IAB TCF helps businesses navigate a complex web of regulations by providing a standardized approach to obtaining and managing user consent.
2. Enhances Users’ Experience: By enabling transparent communication about data processing activities, the TCF contributes to a more trustworthy online environment. Users can make informed choices about their privacy preferences, fostering a positive and respectful user experience.
3. Standardizes the Industry: The TCF serves as a common language for the digital advertising industry. Following these guidelines ensures uniformity and compatibility across various parties, including publishers, advertisers, and technology vendors. 

Clym assists businesses in seamlessly aligning with IAB TCF standards, ensuring compliance with the ePrivacy Directive and GDPR provisions. Our Consent Management Platform (CMP) streamlines user consent management, addressing the DSRs and meeting practical requirements for a standardized and trustworthy online experience.

What is the IAB TCF 2.2 Framework?

TCF 2.2 is the latest version of the Transparency and Consent Framework released by the IAB on May 16, 2023, which brought along several changes. IAB TCF 2.2 became effective as of November 20, 2023, by which date apps and websites that wished to display Google ads had to implement a consent management platform (CMP) which supported the 2.2 version of the IAB TCF and was also certified by Google, who announced all of this the same day the new TCF Framework was released, in their updates to their advertising policy.

What this means for publishers is that they have to ensure that there is a valid IAB TCF 2.2 signal for ads running in the EEA and the UK, if they want the ads to be displayed to users. 

What are the IAB TCF 2.2 Changes? 

Compared to previous versions, TCF 2.2 aims to enhance user control and transparency over their data, introducing key changes such as: 

• Focus on consent: aligning with the GDPR’s rules, legitimate interest can no longer be used for targeted ads or personalized content. Instead, vendors must now get consent for specific personal data processing. This aligns with recent Data Protection Authority decisions emphasizing consent as the appropriate legal basis for such data processing.
• Increased Transparency: users have to receive more details about data processing. This refers to vendor details such as retention periods, when legitimate interest applies, enhanced descriptions of purposes, increased transparency on personal data categories processed, and improved user options for data control.
• Clearer Information: Under TCF 2.2, information and descriptions are made simpler and more user-friendly so that everyone can understand.
• Improved CMP Accessibility: Publishers and CMPs must ensure that their Consent Management Platforms (CMPs) have easily accessible user interfaces for modifying consent and preferences.
• Technical Updates: TCF 2.2 introduces technical improvements, such as deprecating the getTCData command and requiring vendors to use event listeners to get refreshed information on user’s choices via  the TC string. These updates aim to enhance TCF's performance and reliability.
• Vendor Numbers: Consent Management Platforms (CMPs) must now list the total vendors seeking consent on the initial banner.

Clym’s consent management tool (CMP) now supports IAB TCF 2.2. Here is an example of how vendors are listed in the initial banner on a website: 

Clym serves as a crucial bridge fostering a seamless connection between publishers (companies) and users in the digital landscape. At the core of this interaction is our innovative Consent Management Platform (CMP), a powerful tool that empowers users to manage their privacy choices effortlessly.

Clym's user-friendly interface allows individuals to navigate and customize their privacy settings, ensuring a personalized and transparent online experience. This process involves users interacting with the CMP, making informed decisions about data consent. Simultaneously, vendors in the digital ecosystem receive these signals through the CMP, establishing a clear and efficient communication channel.

Clym's role extends beyond being a mere intermediary; it plays a pivotal role in facilitating a harmonious relationship between publishers and users, where privacy choices are respected, and transparency is upheld throughout the digital landscape. This intricate web of interactions not only enhances user control over their data but also strengthens the trust between businesses and their online audience.

What is the impact of the IAB TCF 2.2 Framework on Stakeholders? 

The IAB TCF Framework affects advertisers, vendors, and publishers as main stakeholders globally. The Framework offers a definition for vendor and publisher as follows: 

• Vendor: “a company that participates in the delivery of digital advertising or other online activities within a Publisher’s website, app, or other digital content, to the extent that company is not acting as a Publisher or CMP, and that either accesses an end user’s device or processes personal data about end users visiting the Publisher’s content and adheres to the Policies. A Vendor may be considered under the GDPR to be a Controller, a Processor, or both, depending on specific circumstances.”
• Publisher: “an operator of a Digital Property and who is primarily responsible for ensuring the Framework UI is presented to users and that Legal Bases, including consent, are established with respect to Vendors that may process personal data based on users’ visits to the Publisher’s content.”

In terms of impact, under IAB TCF 2.2, publishers have to update their CMP to comply with the new requirements, advertisers now have to ensure that they work with vendors who are compliant with TCF 2.2, and, last but not least, vendors have to update their systems and processes so as to align with the TCF 2.2.

Key takeaway? 

Overall, it seems that TCF 2.2 is a positive step towards increased data transparency and user control. The changes it brings simplify the way users understand and make informed choices about the use of their data, benefiting publishers, advertisers, and vendors.

How can Clym help? 

Clym plays a pivotal role in assisting businesses with the IAB TCF by providing a comprehensive solution for compliance and user privacy management in the form of a CMP that is easy to install and is already set up. Leveraging Clym's expertise, businesses can seamlessly integrate and adhere to the TCF standards, ensuring that their digital practices align with the ePrivacy Directive and GDPR provisions. Clym facilitates the implementation of user consent mechanisms, enabling businesses to navigate the complexities of data processing regulations.

Through Clym's platform, businesses can efficiently manage user consent preferences, address the 'right to object,' and meet the practical requirements set by Data Protection Authorities and legal guidelines. This not only ensures compliance but also fosters a standardized and user-friendly experience, enhancing trust between businesses and their online audience.

Convince yourself and see Clym in action today by booking a demo or reaching out to us to discuss your specific needs.