TCF 2.0 FAQs: all answers at a glance

TCF 2.0 came into force on 15th August 2020. We have summarised for you the most frequently asked questions about TCF itself and the implementation via the Usercentrics CMP.

The Interactive Advertising Bureau Europe (IAB Europe) is an international business organisation for the online advertising sector. In its own words, the organisation represents the interests of companies from the digital advertising and media industry, ensures consistency and standardisation and serves to improve the use of digital advertising channels for advertising customers.

Anyone who runs a website can potentially be affected by TCF 2.0. However, the TCF is primarily relevant to advertisers and publishers who are directly related to the end user (e.g. through a Web page, app or other content) and whose core business is to monetize their own content through advertising – for example, by displaying digital advertising, collecting user information, or performing measurement or analysis and working with third parties to do so. 

The “Transparency and Consent Framework (TCF)” of the International Advertising Bureau Europe (IAB) is a technical standard spanning multiple sectors for the retrieval and transfer of a user’s consent signals between publishers and third party providers who have committed themselves to the framework (e.g. Google, Criteo, Quantcast or Taboola). The framework thereby establishes a “common language” on whose basis all participants in the advertising value chain can communicate, and which enables marketing to be conducted legally in the future via these channels. 

From 15th August 2020, vendors who have committed themselves to the framework will request consent from users to further process their data and/or to run advertising in the form of an IAB TC string which can only be created by an IAB-certified Consent Management Platform (CMP).  The CMP in use by publishers who have activated TCF 2.0 will not block any vendors who have committed themselves to TCF 2.0. The information on whether or not the vendors may use the personal data which has been received is available in the TC string. The vendors are themselves responsible for ceasing the use of personal data if the user has not granted consent.

Detailed information regarding TCF 1.0 and TCF 2.0 can be found here. 

The Usercentrics CMP will continue to support TCF 1.1 until 15th August 2020. Parallel to this, it is already possible to update your settings in our CMP interface to version 2.0. You will then be equipped with version 2.0 before the end of the IAB transition period.

TCF 1.1 will no longer be supported by IAB from 15th August 2020. This means your present setup will no longer be supported, advertisements will no longer be run, all of which may have negative implications for your advertising revenue. 

All information regarding the implementation process in the Usercentrics CMP can be found here. Our Customer Success Team will help you with any further questions. 

The TCF 2.0 provides exact guidelines on how the CMP should be graphically designed and which content must be presented to the user at which user levels. However, with areas such as colour, fonts, background and the placement of the company’s logo, there will continue to be scope for creativity to a certain extent. Thus, customisation to the company’s CI will still be possible. Furthermore, you can continue to label the individual layers yourself and add further texts to the banner and privacy policy. The texts displayed on the buttons can also be freely selected (e.g. the Reject/Accept buttons).  

The guidelines of the TCF, according to the current situation, provide for asking for personal privacy settings via a centrally placed Privacy Wall.

All vendors who have committed themselves to TCF 2.0 can be found on the Global Vendor List (GLV) which is updated weekly by the IAB.

Yes. Google will, in all likelihood, integrate TCF 2.0. The current situation and further information for publishers can be found here. 

Yes. Publishers will also still be able to work with vendors who have not committed themselves to TCF. However, TCF 2.0 stipulates that it must be clear for the user whether the vendor is from the IAB’s Global Vendor List or if it is a non-IAB vendor. For this reason, the framework recommends clearly listing both groups separately. 

This is possible. You can add these services to your configuration as before in the Usercentrics Admin Interface via the menu option “Service Settings”. 

You can add these services to your configuration in our Admin Interface via the menu option “Service Settings”. However – for reasons of transparency and user friendliness – it is recommended that you do not incorporate the entire list but limit yourself to third party providers to whom data will actually be forwarded for processing.

Every time the user is shown the privacy banner e.g. on the first visit to the website or when the user wishes to change his or her personal privacy settings, the TCF 2.0 requires that this occurs based on the newest version of the Global Vendor List (GLV).

The TCF 2.0 guidelines do not, however, require that users check and update their selection every time the GVL is updated. The user’s TC strings may, however, not be updated without the user interface being presented once again and the privacy settings preferences queried. 

It lies at the discretion of the CMP and/or the publisher to decide whether changes in the GVL compared to a previous version used to confirm the user’s privacy settings justify the banner being shown again. 

The TCF 2.0 guidelines merely require that users are reminded every 13 months at the latest of their right to revoke their consent and/or to object to the processing of their data.

No. The information about vendors who are registered on the Global Vendor List (GLV) is comprehensively laid down by the IAB and can be amended neither by Usercentrics nor our customers. These texts are automatically entered into the Usercentrics database, updated weekly and publishers can then incorporate them into their CMP. 

Information regarding non-IAB vendors can be generated as before from our own service database and it also remains possible to generate custom DPS here. These providers/services will retain the current lock logic through our CMP.

With the update of TCF 1.0 to TCF 2.0 the number of purposes has increased from 5 to 10. The publisher can now combine several purposes as “stacks” to make it easier for the end user to stay on top of things provided the IAB’s requirements are fulfilled.

No. According to TCF 2.0 guidelines the first layer must contain only an action request for the user such that he or she can provide consent (e.g. “Accept”, “OK”, “Allow” etc.) and provide an option to amend the selection (e.g. “advanced settings”, “customise selection” etc.).  TCF 2.0 guidelines do not require an action request in the first layer which enables the user to revoke consent. It is up to the publisher whether or not to show a “Reject” button in the first layer if you wish to do so or if local laws require it.

No. With TCF 2.0 only the purposes for which third-party providers use data and the stacks need to be listed. At present, there is no obligation for CMPs to offer users a granular selection option at first. However, it is up to the publisher whether to offer this via the CMP anyway or carry out appropriate amendments if local laws should require this.

TCF 2.0 offers publishers the option to define which legal bases and for what purpose your users’ personal data can be processed by the respective vendor. Publishers can thereby define customer requirements in accordance with their own commercial and legal considerations, e.g. the exclusive use of explicit consent as a legal basis or, for example, only allow certain processing purposes with selected providers.  

TCF gives publishers two options for how you may wish to share your consent information:

Global Scope: If the user makes a consent decision on a website, this will be stored as part of the framework and all other websites working with a CMP activated for TCF 2.0 and who operate in Global Scope have the ability to access this consent information. Important to know: If the user sets his or her privacy settings in Global Scope, these settings shall be binding for all parties participating in Global Scope. Important: This also applies for cases in which the user does NOT grant consent. For example, if a user makes the decision not to provide consent on another website, all other websites from the group must likewise respect this decision.

Service Specific Scope: Only privacy settings relating to the website for which they were requested are valid here.

Important: Google has announced that it will only support TCF 2.0 in the Service Specific Scope. Further information can be found here.

Yes. The guidelines of TCF 2.0 allow publishers to administer and save their own legal bases in their CMP for a variety of data processing purposes. This also applies explicitly for processing purposes which are not supported by the framework. This information can be found in the “Publisher TC Segment” of the TC string which serves to ensure seamless transfer of the publishers’ legal bases to the vendors with whom they work.

No. No exact definition or guideline can be found in the guidelines of TCF detailing how user consent (e.g. explicit or implicit) is to be obtained. By implication, publishers therefore have the option to regard “continuing to scroll” as user consent.

Further information can be found on the official website of the IAB or on in our article “TCF 2.0 explained – the most important new features at a glance”.