IAB Europe, IAB Tech Lab release revised GDPR-consent framework

IAB Europe and the IAB Tech Lab have launched the second iteration of the Transparency and Consent Framework (TCF) after spending a year gathering feedback from publishers, advertisers, digital protection authority groups and ad tech providers.

TCF 2.0 includes technical specifications and policy documents that outline GDPR-compliant processes for delivering digital ads and managing consumer data. This latest iteration states that consumers can not only withhold consent on data collection, but can exercise the “right to object” to how data is processed: “Consumers also gain more control over whether and how vendors may use certain features of data processing (for example, the use of precise geolocation).”

Publishers implementing TCF 2.0 will also be able to restrict how consumer data is processed by third-parties on the publisher’s website on a per-vendor basis.

“It is a framework for publishers, technology vendors, agencies and advertisers to clearly and consistently communicate with end users about how their data is being used, while also providing an opportunity for users to object,” said IAB Europe about TCF 2.0.

Why we should care

With GDPR already more than a year into existence and the California Consumer Privacy Act coming next year, data privacy regulations are top of mind for marketers. IAB Europe and IAB Tech Lab’s latest efforts aim to offer the digital ad industry a framework to help publishers, advertiser and ad tech vendors navigate data privacy regulations. But the reality is many in the ad tech space are being forced to manage consent — no small task when you consider the complexities around programmatic ad networks and technological layers involved across the digital ad industry.

“With the number of constituents involved and disparate regulatory interpretations across multiple jurisdictions, it was essential that the evolution of the framework was handled sensitively, with final specifications able to be adopted in a manner consistent with differing business models in a wide range of operational markets,” said IAB Europe CEO Townsend Feehan.

According to IAB Europe, the TCF 2.0 had to meet the needs of the 28 different markets within the European Union, “Each possessing a DPA that interprets the rules regarding GDPR compliance in different ways.”

IAB Europe also stated in the announcement that it is confident the updates to TCF 2.0 will allow UK companies to adopt GDPR-compliant RTB (real-time bidding) practices. But as recently as June, the UK Information Commissioner’s Office (ICO) released a report addressing concerns that RTB was not GDPR-compliant. IAB Europe said it has continued a close-working relationship with the ICO, but jury is still out on whether or not TCF 2.0 will satisfy privacy regulators even if it does provide more details for vendors and offers “right to object” measures.

More on the news

• IAB Tech Lab has been collecting comments on TCF 2.0 since April.
• While Google did not sign on to previous versions of the TCF, it said in February it would integrate this next version as a TCF vendor.

Opinions expressed in this article are those of the guest author and not necessarily MarTech Today. Staff authors are listed here.

About The Author

Amy Gesenhues

Amy Gesenhues was a senior editor for Third Door Media, covering the latest news and updates for MarTech Today, Marketing Land and Search Engine Land. From 2009 to 2012, she was an award-winning syndicated columnist for a number of daily newspapers from New York to Texas. With more than ten years of marketing management experience, she has contributed to a variety of traditional and online publications, including MarketingProfs, SoftwareCEO, and Sales and Marketing Management Magazine. Read more of Amy's articles.