Skip links

What is IAB TCF 2.2? Everything Ad publishers need to know.

Google is at the forefront of all significant innovations, continuously changing the digital landscape.   

In the European Economic Area (EEA) and the United Kingdom (UK), Google has implemented additional requirements for publishers using its products, such as Ad Manager, AdMob, and AdSense, as part of its dedication to upholding high standards for data protection of its customers.  

When showing advertisements to users in the EEA or the UK, publishers are now required to use a Google-certified Consent Management Platform (CMP) integrated with the Transparency and Consent Framework (IAB TCF 2.2) of the Interactive Advertising Bureau (IAB).  

This article will provide an overview of the IAB TCF, significant updates in Google Ad manager TCF v2.2, Google’s new requirements, what these updates mean for your business, how to get started with TCF 2.2, and why you need a Google-certified CMP.  

What is IAB TCF 2.2?  

The Interactive Advertising Bureau (IAB) established the Transparency and Consent Framework (TCF) to facilitate compliance with privacy regulations like the General Data Protection Regulation (GDPR).  

It was initially introduced in 2018 to give consumers more transparency and control over collecting and using their personal data for online advertising.   

Let’s have a look at the parties involved:  

  • Publisher: an advertising-displaying website.  
  • CMP: Publishers can comply with data privacy rules by managing and obtaining user consent through the Consent Management Platform (CMP). 
  • Vendor: a third-party entity that the publisher collaborates with to deliver advertisements.

As mandated by the IAB TCF v2.2, publishers must present to visitors a consent banner explaining in detail the kinds of personal data they collect from them, why it is processed, and which third-party vendors are involved.  

The publisher sends the consent signal to the vendors if the visitor consents to data processing.   

This signal informs the vendors whether they can process user data for targeted advertising.  

TCF v2.2, the latest framework version, was released on May 16, 2023.  

Updates in IAB TCF 2.2  

The IAB released TCF version 2.0 in 2020, incorporating revised features and standards to accommodate the changing requirements of the digital advertising landscape.   

TCF 2.0 introduced the following updates:  

  • Increased transparency: TCF 2.0 gives users access to more comprehensive details about how their personal data is processed, including its purpose and legal basis.  
  • Increased user control: Users can now exercise their right to object to data processing on the grounds of legitimate interests and to provide consent for particular purposes and vendors. 
     
  • Better vendor management: The “stacks” feature of TCF 2.0 enables publishers to combine vendors and purposes, simplifying the process for users to manage their consent choices. 
  • Improved Google integration: Publishers using Google advertising solutions can be assured of easy compliance as Google has wholly linked their ad systems with TCF 2.0.  
     

In response to the decision made by the Belgian Data Protection Authority, the IAB released TCF version 2.2 on May 16, 2023.  

The significant changes in this version are as follows:  

  • Removal of the legitimate interest basis for personalization of content and advertising.  
  • User-friendly explanation of the features and purposes in place of the existing legal text. 
     
  • More details about the vendors, such as the kind of data they collect, how long they keep it, and if they have a legitimate interest.  
  • The total number of vendors will be included in the CMP’s initial layer.  
  • The CMP UI should be easily accessible by users to withdraw consent. 
     
  • Technical upgrades in TCF 2.2 include the requirement for vendors to use event listeners to obtain the TC string and the deprecation of the get TC Data command.  

These updates, intended to enhance TCF’s reliability and performance, will significantly affect vendors, publishers, and advertisers.  

TCF 2.2 is a step in the right direction toward giving users more control and transparency over their data. 

Thanks to the enhancements made to the framework, users will find it simpler to make informed decisions regarding their privacy and comprehend how their data is being used.  

Google’s new CMP requirements  

Google released new CMP standards following the release of the finalized TCF v2.2 to promote a uniform and reliable approach for publishers and consumers.  

Google has advised anyone using its publisher products for displaying advertisements to consumers in the UK or the EEA to use consent management platforms (CMPs) certified by Google that comply with the latest version of the IAB TCF.   

The above requirements affect how the following Google’s publisher products are used:  

  • Google AdSense   
  • AdMob  
  • Google Ad Manager  
     

CMPs must integrate with the TCF to be certified and fulfill Google’s additional consent standards when dealing with publishers.  

What does IAB TCF 2.2 mean for your business?  

The organizations that collect and process personal data will be significantly impacted by the changes made to TCF 2.2.   

The following are some essential details that organizations should be aware of: 

  • Updating CMPs  

TCF v2.2 requires consent management platforms (CMPs) to be updated.  

This includes updating the text on consent pop-ups and banners and collecting and storing consent procedures.   

  • Verifying that every vendor complies with TCF 2.2.  

This involves ensuring the vendor uses the TCF 2.2 version of the vendor list and reviewing their privacy policy.  

  • Updating systems and procedures as per the new requirements  

This may involve changes to the methods for collecting, storing, and using data.  

Businesses that violate the new regulations risk fines and other consequences.  

Steps to get started with TCF v2.2  

Plan to transition to TCF v2.2 as soon as possible if your company collects and uses personal data.   

Here are three simple steps to get you started:  

1. Read the TCF 2.2 documents 

The IAB Tech Lab has released comprehensive documentation regarding TCF 2.2’s updates.   

You will better understand the new requirements and their implementation with this documentation.  

2. Examine your list of vendors  

Verify that every vendor you work with complies with TCF 2.2. The IAB Tech Lab website has a list of compliant vendors.  

 3. Make system and process updates 

Your processes and systems need to be updated to meet the new requirements.   

This includes changes to the methods for collecting, storing, and using data.  

By November 20, 2023, businesses covered by the TCF are required to switch to TCF v2.2 requirements.

Regarding modalities, there is no need for resurfacing any TC strings created before November 20 under TCF v2.1; they will stay valid even after that date. 

On the other hand, TC strings made with TCF v2.1 after November 20th would be considered invalid.  

Why do you need a Google-certified CMP?  

TCF will now be required to participate in Google’s ad tech ecosystem.  

However, it’s crucial to ensure your CMP is Google-certified and integrated with TCF v2.2 rather than just using any CMP that complies with TCF.  

Below are some of the reasons why:  

  • To show personalized ads  

If any misconfigurations in your CMP don’t follow Google’s guidelines, you won’t be able to display personalized ads.   

This implies you can only display non-personalized advertisements to users in Europe and the United Kingdom unless Google approves your CMP.  

  • To increase ad revenue  

Your ad revenue may significantly decline since you won’t be able to run personalized advertising.  

This is particularly valid for publishers who receive a significant amount of traffic from Europe. 

  • Compliance with the regulations  
     

For publishers whose revenue model depends on targeted advertising, TCF is essential. 

It lowers the chance of non-compliance and gives publishers a standardized method for collaborating with third-party vendors.  

The implementation of TCF v2.2 must be completed by November 30th, 2023. 

Therefore, switch to a certified CMP before this date if you want to keep using personal information for targeted advertising.  

Conclusion and the way forward  

In summary, the IAB TCF 2.2 is a significant step in the evolving field of digital advertising, especially in the EEA and the UK, where Google has enforced new regulations.  

Version 2.2 of the framework saw significant updates in response to user requests and regulatory changes to improve transparency and user control.   

Google’s requirement that certified CMPs comply with TCF 2.2 emphasizes how crucial compliance is. 

Companies need to adapt quickly by amending CMPs, ensuring vendor compliance, and bringing systems in alignment with the new requirements. 

To comply with TCF v2.2, websites and mobile apps must upgrade their CMPs.   

PrivacyPillar Data Pirvacy Solutions, is a Google-certified CMP that is fully compliant with IAB TCF v2.2 for business owners like you.

Although migrating to TCF 2.2 can be complicated, PrivacyPillar makes your business seamless compliant with IAB TCF and global regulations in less than 30 minutes. 

Not sure? Start with a 14-day FREE TRIAL and see it yourselves.

FAQs 

1. What is IAB TCF 2.2?

IAB TCF 2.2, or Interactive Advertising Bureau Transparency and Consent Framework version 2.2, is a set of guidelines established by the IAB to facilitate compliance with privacy regulations like GDPR. It enhances transparency and user control over personal data used in online advertising, with the latest version released on May 16, 2023.

2. What are the key updates in IAB TCF 2.2?

The significant updates in TCF 2.2 include the removal of the legitimate interest basis for personalization, user-friendly explanations of features, more details about vendors, and technical upgrades for reliability. These changes aim to provide users with better control and transparency over their data.

3. What are Google’s new requirements for CMPs under TCF 2.2?

Google requires publishers using its products in the EEA and the UK to employ a Google-certified Consent Management Platform (CMP) integrated with IAB TCF 2.2. This ensures uniformity and reliability in compliance, affecting products like Google AdSense, AdMob, and Google Ad Manager.

4. Why do publishers need to use a Google-certified CMP for TCF 2.2?

A Google-certified CMP is necessary for personalized ad display, avoiding revenue decline, and ensuring compliance with regulations. Misconfigurations may prevent showing personalized ads, impacting revenue for publishers relying on targeted advertising.

5. What are the steps to transition to TCF 2.2 for businesses?

Businesses should update CMPs, verify vendor compliance, and make system and process updates as per TCF 2.2 requirements. This involves updating consent pop-ups, reviewing privacy policies, and implementing changes to data collection, storage, and usage methods.

6. Why is updating CMPs crucial under TCF 2.2?

TCF 2.2 mandates updating CMPs to comply with new requirements, including text on consent pop-ups and banners, and collecting and storing consent procedures. Failure to update CMPs can lead to fines and other consequences for violating regulations.

7. What are the consequences of not complying with TCF 2.2?

Non-compliance with TCF 2.2 regulations may result in fines and other legal consequences for organizations that collect and process personal data. It is crucial for businesses to adapt quickly to avoid such penalties.

8. When is the deadline for implementing TCF 2.2?

The implementation deadline for TCF 2.2 is November 30th, 2023. Businesses covered by TCF must switch to TCF v2.2 requirements by this date to ensure compliance with the latest framework.

9. Why is TCF v2.2 important for user privacy and data transparency?

TCF v2.2 is crucial for enhancing user control and transparency over personal data used in digital advertising. The framework provides users with more details about data processing, vendors, and purposes, aligning with privacy regulations like GDPR.

10. How can businesses ensure vendor compliance with TCF 2.2?

To ensure vendor compliance, businesses should verify that every vendor they work with adheres to TCF 2.2. The IAB Tech Lab website provides a list of compliant vendors, and businesses should review vendors’ privacy policies to ensure alignment with TCF 2.2.