IAB Transparency and Consent Framework (TCF)
In order for ExoClick and its clients to comply with GDPR and the ePrivacy Directive, ExoClick has implemented TCF.
What is the TCF?
The Interactive Advertising Bureau (IAB) runs the Transparency & Consent Framework (TCF) – a collaborative solution for businesses conducting targeted advertising in compliance with GDPR. The purpose of TCF is to standardize how businesses - publishers, ad tech vendors, and agencies – can continue running advertising in a way that is compliant with GDPR & the ePrivacy Directive. Adhering to the IAB Transparency and Consent Framework (TCF) is crucial for Ad Servers, Publishers and other Ad Tech Vendors who are looking to be fully compliant with GDPR & the ePrivacy Directive, as well as keeping up to date with evolving guidance and legislation. The framework provides guidelines for Consent Management Platforms (CMPs) to inform website visitors as to the purposes for which data is being collected, how it will be used and how visitors can give or withhold their consent.
What is a TC String?
Technically, TCF relies on the Transparency & Consent String (TC String). It contains all the user choices when it comes to accessing or storing information on their device and the use of their personal data as well as the publisher preferences when it comes to vendor use of data. In this way, it serves as a means of communication within the TCF.
The TC String can be communicated either via OpenRTB (e.g. in a bid request) or in the following URL parameters:
- gdpr: contains a flag (0,1) that informs if GDPR & ePrivacy applies.
- gdpr_consent: contains the TC String (base64 string).
What pieces of information are stored in the TC String?
- Metadata concerning the consent (version of the TC String, last update, version of the provider list, etc.)
- The purpose for which the providers may use the data.
- Which providers have received the user’s consent.
ExoClick will respect the end user’s choices when it comes to cookie and data consent. You, as a Publisher, would simply need to integrate your site with a TCF compliant CMP and ExoClick will do the rest by automatically detecting if the site is working with such CMP. From there ExoClick understands the end user's choices on consent and serves ads accordingly.
Important Note: TCF support is only available for ad zones using asynchronous scripts; make sure to use the latest version of our scripts that mention “async”.
What are the legal bases for data usage under TCF?
There are 2 legal bases for which vendors can process data under TCF. These are:
- Consent: The data to be stored and processed requires consent from the end user.
- Legitimate Interest: Legitimate interest is based on an overriding benefit of using personal data without obtaining consent. For example to ensure fraud prevention and provide flexibility for the vendors to operate across different legal systems while respecting individuals' rights.
What purposes are defined with TCF for the processing of user data?
Data can be gathered and processed by vendors for the following purposes as laid out in TCF, and in line with the following allowable lawful bases.
- Store and/or access information on a device - Consent.
- Use limited data to select advertising - Consent or Legitimate Interest.
- Create a personalized ad profile - Consent.
- Select personalized ads - Consent.
- Create a personalized content profile - Consent.
- Select personalized content - Consent.
- Measure ad performance - Consent or Legitimate Interest.
- Measure content performance - Consent or Legitimate Interest.
- Understand audiences through statistics or combinations of data from different sources - Consent or Legitimate Interest.
- Develop and improve services - Consent or Legitimate Interest.
- Use limited data to select content - Consent or Legitimate Interest.
TCF Special Purposes:
- Ensure security, prevent fraud, and debug - Legitimate Interest.
- Deliver and present advertising and content - Legitimate Interest.
- Save and communicate privacy choices - Legitimate Interest.
The TCF Purposes that ExoClick uses are listed in section 3. e of its Privacy Policy.
What does this mean for Publishers?
It is recommended that ExoClick’s publishers integrate with a CMP that is IAB TCF compliant. ExoClick platform will provide transparency on all the relevant consent needed from the end user to display ads.
To find out whether a third-party CMP provider is TCF compliant or not, you can look into the CMP list provided by IAB Europe.
If you have any questions regarding TCF and Cookie Consent please speak to your Account Manager or a Customer Success Manager here.