TCF v2.0 – What is it and Implementation for Google Publishers

TCF v2.0 stands for The IAB Europe’s Transparency and Consent Framework (TCF) v2.0. This consent policy provides better transparency, control and accountability for consumers and publishers.

Most of the app and website visitors do not exactly know what cookies are being stored on their mobile and system. This framework of TCF v2.0 gives more knowledge to the visitor about the data the ad networks and related vendors are collecting from you. It also provides a way to give consent to collect such information.

Related –

• The Best #1 Real Estate Plugin in 2020 –  Complete Review
• [Review] #1 Best AMP Plugin in 2020 – Ideal Settings

TCF v2.0 gives the authority to site and app visitors to grant or withhold consent to the “data being processed” by different ad and related vendors. There are different stakeholders in this TCF 2.0 consent implementation on an app or website.

1. Vendors
2. CMPs
3. Publishers
4. Agencies and Advertisers

What is the Transparency Consent Framework (TCF)?

In order to comply with the EU GDPR law, IAB has brought a new policy called TCF in 2018 to protect consumers rights.

This is applicable to publishers, advertisers and media agencies.

This framework tells the visitors what data is being collected when they visit a publisher site.

Related –

• How to Add Schema Markup (2020) to WordPress site – Beginners Guide
• WP Review Pro – Best #1 Star Rating Plugin of 2020

Vendors also must disclose how they intend to use this information. Which type of vendors are using it which includes advertisers and media agencies. Visitors can give consent to store cookie information or reject data processing by the vendors, ad networks and agencies.

The earlier GDPR law which was introduced to disclose information about cookies to visitors did not fully comply with honesty and had no choice to reject the data processing of ad vendors and companies.

TCF gives more power to the consumer and visitor, giving them more insights into what data is being collected, stored, measured and processed.

Ads will not display if the visitor does not give consent to storing cookies or trackers.

How TCF v2.0 Works

A typical diagram on how TCF is useful to the general public of the Internet and other stakeholders, can be seen in this picture below.

https://iabeurope.eu/events/iab-europes-transparency-consent-framework-tcf-v2-0-information-webinar-for-publishers/

What does TCF v2.0 contain

In this consent framework, there are 10 purposes, special purposes to some of them and 3 features. Using the consent form, visitors can give consent to these purposes and other features or deny access to them. The following are the list of purpose and other features.

• Purpose 1: Store and/or access information on a device
• Special Feature 1: Use precise geolocation data
• Special Feature 2: Actively scan device characteristics for identification
• Purpose 2: Select basic ads
•                 3: Create a personalised ads profile
•                4: Select personalised ads
•                5: Create a personalised content profile
•                6: Select personalised content
•               7: Measure ad performance
•               8: Measure content performance
•               9: Apply market research to generate audience insights
•             10: Develop and improve products
• Special Purpose 1: Ensure security, prevent fraud, and debug
• Special Purpose 2: Technically deliver ads or content
• Feature 1: Match and combine offline data sources
•               2: Link different devices
•               3: Receive and use automatically-sent device characteristics for identification

How to Implement TCF v2.0

There are about 500+ vendors and 70+ CMPs that implement TCF v2.0. In order to implement the TCF rules and regulations, you have to take help of the Consent Management Platform (CMP).

Using this software tool, publishers can obtain, manage and propagate consumer content. This is generally done through the help of a piece of code called TC String.

Related –

• Quantcast Choice – How to Prepare the CMP form for TCF 2.0 Implementation in WordPress
• How to use Ad Inserter Pro for TCF v2.0 in WordPress

Depending upon the software and platform publishers are using, they pass this TC String and cookie data to relevant ad vendors and agencies like Amazon, Microsoft, Google etc.

This video talks about using Quantcast as a CMP provider. How to create a consent form using it. It takes only ~10 minutes to create this form on Quantcast dashboard. It can then be implemented on your CMS using various tools. 

This video talks about the implementation of TCF v2.0 consent form on a WordPress site. It takes help of Ad Inserter Pro plugin to pass the TC String to the ad vendors.

How does Google Support TCF v2.0

It was made clear that Google will comply with TCF v2.0 rules and regulations by Aug 15th, 2020. All the ad systems of the search engine giant will integrate with IAB Europe’s Transparency and Consent Framework (TCF) v2.0. Google has supported the development of TCF as a member of TCF Working Group.

As per this guide, Google gives a 90 day grace period from Aug 15th to publishers to implement TCF v2.0 on their site, making it work properly and meet the policy regulations. TCF v2.0 applies to ads served on publisher inventory and not Google owned and operated inventory.

Publishers can implement the new version of TCF or still use the old version by using Ad Technology Provider controls. TCF v1.0 was launched in 2018 across Ad Manager, AdSense and AdMob.

https://blog.google/products/admanager/google-integrates-iab-europe-tcf-v2/

What is Transparency & Consent String (TC String)

TCF v2.0 consists of purposes, special purposes, features and special features. TC String is a piece of software that encapsulates relevant details of TCF v2.0 transparency and consent rules.  Defined by the policies and for the participating ad agencies and vendors.

TC String stores this consent to all these TCF v2.0 rules and regulations. Security and Privacy. Encode all the information disclosed to the web site visitor or app user. The purposes, policy related features and all data displayed related to TCF.

How is TC String Useful

Consent is necessary from the visitor. This is for personal data processing. It is a major part of TCF standard. Encoded information is a resultant of the displayed policies, rules etc. Encapsulated in the TC String. It acts as a mediator in passing the data from the CMP through the display of consent form and transmit to the ad agencies.

Visitor gives consent to all the purposes, store and access special information, give access to personalized ads etc. This is all stored in the TC String.

This is an additional support to the “Accept” cookie or privacy information bar displayed in the previous GDPR law. Publishers did not disclose data of personal cookies stored, demographic information, information processing, data management to the visitor.

But this TC String is useful to store and encapsulate data. Visitor can recall consent to cookies or trackers. TC String helps to pass this information.

What does TC String contain

A TC String contains the following information:

1. General metadata: standard markers that indicate details about a TC String such as its encoding version, when it was last updated, and when it was initially created as well as details about the conditions of the transparency and consent values it contains such as the Global Vendor List version used, the CMP used, etc.
2. User consent: a user’s expression of consent given for processing their personal data. A user’s consent is expressed on two levels: per Purpose and per Vendor.
3. Legitimate interest: the record of a CMP having established legitimate interest transparency for a vendor and/or purpose and whether the user exercised their “Right to Object” to it. This includes signals for Purposes in general and Purposes declared specifically for a given Vendor.
4. Publisher restrictions: the restrictions of a vendor’s data processing by a publisher within the context of the users trafficking their digital property.
5. Publisher transparency and consent: a segment of a TC String that publishers may use to establish transparency with and receive consent from users for their own legal bases to process personal data or to share with vendors if they so choose.
6. Out-of-band (OOB) legal bases: two segments expressing that a Vendor is using legal bases outside of the TCF to process personal data. The first segment is a list of Vendors disclosed to the user and the second is a list of Vendors that the publisher allows to use out-of-band legal bases.
7. Specific jurisdiction disclosures: the country in which the publisher’s business entity is established or the legislative country of reference and a record of whether Purpose 1, “[to] store and/or access information on a device,” was disclosed to the user since some jurisdictions handle this Purpose differently.

Source: https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20Consent%20string%20and%20vendor%20list%20formats%20v2.md#about-the-transparency–consent-string-tc-string

What is TCF v2.0 for publishers

The advantage with TCF v2.0 for publishers is that they bring more transparency to the visitors. Restricted usage of personal information by the vendors and ad networks, even before the visitor sees the consent form.

They can lay “restrictions” on their website or app, to process data and per legal purpose.

They can toggle on and off the required purposes.

Visitors will have more confidence in the publisher when he sees this consent form on his site. But most of the consent forms increase the page or app loading time which can be detrimental to user experience.

If the visitor does not give consent, ads may not display. Ad Revenue can plummet.

What are the typical errors related to Google and TCF v2.0

If you are implementing Google Adsense or Google Ads or AdMob or such related Google Ad products, you are likely to encounter TCF v2.0 errors, if you have not implemented the consent form and passed on the TC String.

• Error 1.1: This occurs if the user doesn’t give consent to Google’s ads. This means that almost any website will get at least some 1.1 errors. This error is perfectly normal as long as the number of occurrences is in line with the number of users choosing “Reject” on the cookie notice (if implemented), or disabling ad tracking manually through the TCF preferences. This error, therefore, should only cause concern if it’s abnormally high;
• Error 2.1a: Upon investigating directly with Google, it has emerged that Google will not serve ads, not even non-personalized ads, if the user has not expressed a preference in regards to cookies. We support two main implementation methods for our Cookie Solution, illustrated here. If you work with Google ads, and you’re getting this error you must mandatorily use the first method.
• Error 4.1: This error occurs when the TC string being generated is using a version of the Global Vendor List (GVL) that doesn’t include Google, because it was collected pre-August 1st (i.e before Google joined the GVL). You can fix this error by setting “invalidateConsentBefore”: “2020-08-01” (available in beta and current, not yet in stable), as per example here.

Though there are different ways to close these errors, each CMP has its own way of solving them.

What if you don’t implement TCF v2.0 with Google Adsense

As of Sept 2020, I have not seen many publishers who have implemented the TCF v2.0. This is using the consent form with the help of different CMP providers given on the IAB Europe site. This is still in its nascent stage.

But in early Aug 2020, I received some 2.1 and “unknown” errors in my Google Adsense account. There was also a warning message that said that I had to implement the TCF to comply with EU GDPR standards.

I tried to implement the TCF v2.0 solution using Quantcast as CMP and with help of a WordPress plugin called Ad Inserter Pro to pass the TC string. It worked successfully in legal terms of TCF v2.0. When I gave consent Google Ads displayed and when denied it did not display.

But this was causing loss of revenue. It also slowed my page performance. Due to these and other factors I removed the TCF implementation. I reverted back to the old GDPR implementation of a cookie notice and TCF v2.0 warning message disappeared.

I think still there is time to implement the TCF v2.0 and you will not be penalized immediately. But at least you need to implement the old GDPR standards and wait for other popular publishers to talk about this problem.