Understanding TCF v2.2: Implications and Opportunities for App Publishers

The challenge of complying with GDPR and ad tech regulations is mounting for game publishers delivering targeted ads to consumers.

Several fresh obligations are on the horizon for these firms, as the Internet Advertising Bureau (IAB) has rolled out TCF v2.2 to improve user experience and meet regulatory expectations.

This article explains what TCF v2.2 is, how it impacts app publishers, and some best practices they can follow.

TCF v2.2 is the second iteration of the Transparency and Consent Framework (TCF) framework launched in 2016. It includes policy changes that affect how consumers can grant or withhold consent while exercising their ‘right to object’ to processing their data.

TCF v2.2 also offers users more control over how app publishers may use data processing features like geolocation data.

Some of the major changes include:

• User consent replaces legitimate interest as a legal basis for advertising and content personalization.
• Legal disclaimers related to data collection and processing are must-haves instead of user-friendly descriptions.
• Vendor disclosures must reveal collected data categories, data retention periods, and an indication of legitimate interest application.
• App publishers will have to display the total number of vendors used on the consent management platform’s first layer.
• CMP redesign is mandatory to enable users to exercise their right to opt out of offering consent.

These latest rules demand game publishers to be cautious about collecting and assigning consent data, ensuring user transparency and choice. Companies registering for the TCF must reveal the data they collect and utilize in their ad campaigns. They also must exercise caution about how vendors and technology partners process personal data on publishers’ websites on a per-vendor basis.

TCF v2.2 puts the power back with users who can share, revoke, or refuse consent at any time. To avoid the risk of non-compliance, app publishers must adhere to a standardized approach when collaborating with third-party vendors. In the TCF v2.2 era, app publishers need to pay close attention to the following areas.

TCF v2.2 requires app publishers to explicitly mention how they process personal data and cookies. App developers must disclose the user data they collect, why, and the methods and tools they use for processing the data. They should also give users the right to withdraw consent at any time and to object to data processing.

Thanks to TCF v2.2, app publishing companies can now exercise more control over how their vendors and tech partners handle user data. For example, publishers can set custom requirements specifying how every vendor processes user data collected on their website. Besides, app companies can limit the purpose of data processing, for instance, for ad personalization or visitor analytics.

Vendors can register as capable of operating on multiple legal bases and publishers can indicate their preferred legal bases for partnering with vendors. This allows vendors and publishers to navigate different markets with varying legal regulations for processing personal data.

TCF v2.2 necessitates that publishers identify all third-party partners participating in data processing operations and the legal bases which these vendors follow. End-users must be able to access:

• Categories of data collection
• Data retention period on a per-purpose basis
• Legitimate interests at stake (when applicable)
• URL declaration support in multiple languages

The purpose of informing users about data processing in advance is to empower them to make informed decisions about their data.

App publishers must ensure that they work exclusively with TCF v2.2 compliant vendors. By doing so, all parties involved adhere to the same standards, which reduces the risk of non-compliance. You can refer to the TCF v2.2 compliant CMP list to verify whether your CMP provider adheres to TCF v2.2 regulations.

Usercentrics is a leading Google-certified CPM that complies with TCF v2.2 standards. Thousands of apps in 180+ countries rely on this consent management platform to meet GDPR, CCPA, LGP, and POPIA compliance.

TCF v2.2 can impact how much money app companies make. App publishers may lose programmatic ad revenue when informed users decide to opt out of personalized ads. Publishers who get most of their traffic from the EU will feel this revenue drop. Still, it’s best to adopt TCF v2.2 since most programmatic ad platforms will eventually stop advertising on websites that haven’t implemented it.

Let’s explore the benefits and challenges that app publishers may face with TCF v2.2.

TCF v2.2 aims to improve how digital properties manage consent and compliance, while enhancing consumer transparency and choice. App publishers will come across opportunities and challenges as the ad tech ecosystem adopts the newest TCF policies.

The benefits of implementing the TCF v2.2 framework include:

• Improved collaboration as data protection bodies and vendors move toward an industry standard for collecting, managing, and exchanging user data.
• Greater control and flexibility since TCF v2.2 allows publishers to choose what data they share with vendors on a per-vendor basis.
• Legitimate interest provisions allow publishers to meet CMP providers’ legal interest requirements, while offering data processing transparency to users.
• Better consumer privacy compliance as TCF v2.2 puts the power back with users to grant or deny consent to different data types publishers collect and process.

Now, let’s go over some challenges app publishers must keep in mind while migrating to TCF v2.2.

• Technical and legal challenges await publishers who use in-house solutions to meet and manage compliance. They must allocate full-time resources to remain fully compliant with the GDPR regulations set forth by Data Protection Authorities (DPAs). The best solution is to use a CMP since all technical and legal responsibilities are on the platform provider, who specializes in ensuring compliance.
• Lower consent rates will pose a bigger challenge for publishers using home-grown or third-party CMPs that don’t adhere to the TCF v2.2 UI requirements. A Usercentrics study surveying 250 EU apps shows that 90% of all apps don’t meet GDPR regulations and the ePrivacy Directive. That’s why it’s best to switch to a TCF v2.2 compliant CMP offering ad result optimization features.
• The influx of new privacy laws is another challenge for publishers who need to adhere to multiple regulations, including CCPA and GDPR. While updating one framework is comparatively more straightforward, handling numerous frameworks can be challenging. Using a single CMP platform to meet different compliance regulations is the way forward.

Tackling these challenges becomes easier when publishers team up with TCF v2.2 compliant CMP partners to handle user consent storage, management, and processing.

A CMP makes it easier for publishers to figure out what consent they need, find preferred vendors, and display data processing purposes in multiple languages. CMPs can also retain user choices, while enabling users to opt out or withdraw previously-granted consent.

Achieving TCF v2.2 compliance may seem challenging but isn’t impossible. What you need is an ecosystem that lets you seamlessly connect with vendors and users. Follow these best practices to stay compliant in the post-TCF v2.2 era.

• Help users make informed decisions by providing them with the complete list of data processing partners and legal bases used by your organization.
• Explicitly mention data storage policies that publishers and their third-party partners follow.
• Obtain data processing consent before working with users’ data like cookies, IP addresses, and device identifiers.
• Let users access the list of third parties who may process users’ data. This can be done with a simple disclaimer link like ‘view our partners’.
• Inform users about the consequences of consenting or not. Publishers can’t prevent users from accessing their website or mobile app for not consenting.
• Provide users the right to modify consent choices. They should be able to update, withdraw, or revoke consent choices.
• Notify users in case legitimate interest is being used as the legal basis for data processing.
• All call-to-action buttons must have equal visual prominence. If the available options are “Agree” and “Learn More”, they should both be presented as either buttons or links.

These best practices will help you provide transparency to users, while delivering personalized experiences based on the data you collect.

Newer data privacy laws and policies keep shaking up the digital ad world. For example, the TCF v2.2 framework focuses on so many things, including users’ right to object to data processing, UI requirements for CMPS, and other transparency measures. Keeping up with all the changes is hard for publishers, but a CMP makes it easier.

One such CMP is Usercentrics—an all-in-one consent and preference management platform. This customizable CMP for apps and games publishers makes it easier for you to obtain, manage, and optimize consent, while meeting data privacy regulations.

Want to secure ad revenue while complying with TCF v2.2? Book a consultation call today to ensure a swift transition to TCF v2.2.