Interactive Advertising Bureau (IAB) is a non-profit global organization that sets standards for online advertising and marketing. Their Transparency and Consent Framework (TCF) is a technical framework for ensuring transparency and accountability in data processing by advertisers.
In this article, we will guide you through the process of achieving compliance with the Interactive Advertising Bureau’s (IAB) Transparency and Consent Framework (TCF) for using cookies in advertising. By understanding and implementing the IAB TCF guidelines, advertisers can navigate the evolving privacy landscape while leveraging cookies for effective advertising strategies.
If you are a publisher or a website owner depending on the ad revenue from your website or want to know more about IAB TCF compliance, this article is for you.
The Interactive Advertising Bureau was founded in 1996 in New York City. It was formed to structure the foundation for standardizing online advertising. IAB established various guidelines and formats for internet ads, such as banner ads and pop-ups. These standards were aimed at helping advertisers in providing effective ad campaigns for their businesses.
Over time, the IAB expanded its membership to include various stakeholders in the digital advertising ecosystem, including advertisers, agencies, publishers, and technology providers. It also established IAB branches and offices in several countries, extending its global reach. The organization now has 700+ companies, advertisers, agencies, media, and technology firms that collaborate to shape the digital advertising landscape.
The Interactive Advertising Bureau ( IAB Europe) introduced the Transparency and Consent Framework known as IAB TCF, which provided guidelines and best practices for advertisers and publishers to ensure compliance with GDPR for showing ads and personalized suggestions.
The first version of the framework, TCF v1.1, was launched in 2018 by IAB Europe. It provided a means of transmitting consent signals from a user to the vendor for publishers using a Consent Management Platform (CMP).
TCF guidelines were introduced to help businesses to establish trust with their users and be responsible for data handling and processing. Businesses can continue to show relevant ads to users while respecting their privacy.
Publisher, CMP, and Vendor – Definitions in IAB
Publisher: A Publisher is a website that displays ads from businesses (or vendors) to users. Publishers act as a medium between a user and a business.
CMP: Consent Management Platform (CMP) is a tool that enables websites, publishers, and organizations to collect and manage user consent for processing their personal data. It helps websites to comply with data privacy laws such as GDPR and CCPA.
Vendor: Vendors are companies that advertise with the help of publishers to serve ads to users. The IAB maintains a Global Vendor List that contains information about vendors and their data processing practices. This list helps publishers and CMPs identify and communicate with registered vendors effectively.
When a visitor lands on a website, they might see a popup or banner asking for consent to process their personal data. This popup or banner is provided by a CMP integrated into the website. Once a consent signal is received from the users, the website will be able to display ads to the users from the vendors.
IAB released the TCF v2.2 on May 16, 2023, with some updates to the existing regulations.
Below are some of the major changes with the latest version of IAB TCF.
- Legitimate interest cannot be selected for advertising or content personalization; only consent can.
- Instead of complex legal information, user-friendly descriptions are provided regarding features and purposes.
- Vendors now have to disclose more information, including the types of data they collect, how long they keep it, and if legitimate interest is used.
- Publishers must show the total number of vendors they work with on the first part of the CMP UI (banner, popup, or widget).
- CMPs must be redesigned to allow users to easily opt out of giving consent.
Also Read: WebToffee’s GDPR Cookie Consent Plugin Is Google Certified CMP Partner
According to GDPR guidelines, businesses can process the personal data of users only if it falls under the six lawful reasons for data processing. Businesses had to obtain explicit consent from users to process their personal data to show relevant ads or personalized suggestions.
To ensure compliance, the following requirements must be met when obtaining user consent:
- Consent should be specific and be obtained before collecting the personal data
- Users should be informed of what data is processed, how it is processed, and for what purpose
- Consent must be obtained with clear and affirmative action from the users
- Users should have the option to revoke the consent anytime
- Users have the right to request deletion of any personal data collected
- All the obtained consent should be recorded
If you are using WordPress CMS for your website, refer to our detailed guide on WordPress GDPR compliance.
To comply with IAB’s latest framework, you should have a CMP that supports the latest framework. You don’t need to feel overwhelmed by the TCF requirements, as we got the right solution for you.
Our GDPR Cookie Consent plugin can help you follow the IAB TCF v2.2 standards and lets you easily manage cookie consent for your WordPress website. We will discuss more about our plugin in the later part of this article. Now let’s look into the step-by-step instructions to set up a TCF-compliant consent management system on your WordPress website.
Step 1: Install and Activate the GDPR Cookie Consent Plugin
After purchasing the WordPress Cookie Consent plugin, you will receive an email with a link to download the plugin zip file. You can also download the plugin file from the My Account page.
- Now, log in to your WordPress admin account.
- Navigate to Plugins > Add New.
- Upload the plugin zip file, then install and activate the plugin.
Step 2: Enable IAB TCF for WordPress
From your dashboard sidebar, go to the GDPR Cookie Consent menu.
The plugin comes with a pre-set cookie consent banner that follows the EU’s GDPR law. However, we will need to make some adjustments to ensure it aligns with the IAB’s framework.
Enable the IAB TCF 2.2 support checkbox to enable the TCF framework to your cookie consent banners.
The plugin offers different configurations for privacy laws like GDPR and CCPA. Make necessary changes as per your requirements.
Step 3: Customize your Cookie Notice
Now, go to the Customize Cookie Bar tab.
Here you have some configurations to customize the cookie banner for your website. However, you should be aware that you don’t have much control over the cookie banner text as the plugin sets the banner text as per the TCF standards.
- Choose the colors for the banner and text.
- Select a font for the banner text.
- Now, choose the style for the cookie notice; Banner, Widget, or Popup.
- Select the load and hide the transition for the cookie notice.
Similarly, you also have the option to customize the appearance of the buttons in the banner from the Customize Buttons tab.
Click on the Update Settings button to save the changes.
Step 4: Previewing the Banner
Here’s how the banner will be displayed on the website’s front end.
Click on the vendors list link (our 529 partners) to view the vendors’ details.
You can view all the registered vendors from here. This enables your website visitors to give consent only to specific vendors or for Legitimate Interest only.
Navigate to the Purpose & Features tab to view the different purposes of cookies used.
From the Cookie Categories tab, you can view all the used cookies on your website based on different categories.
You have successfully configured an IAB TCF (v2.2) compliant consent management system on your website.
Also Read: WordPress Cookies: A Complete Guide
GDPR Cookie Consent Plugin – IAB TCF Ready
GDPR Cookie Consent Plugin is one of the advanced cookie consent solutions for WordPress websites. The plugin supports different privacy laws like GDPR and CCPA. You can display cookie banners as required by specific laws. The banner layout can be customized to match your website theme.
You can configure the plugin to enable the IAB TCF-compliant cookie banner on your website. With the click of a button, the plugin configures the cookie banner as per IAB requirements. Leaving no worries to you.
If you are confused about whether to choose a native plugin or go for a cloud-based CMP, check out our article: Why Do You Need a Native WordPress Consent Management Plugin?
Benefits of using the GDPR Cookie Consent Plugin:
- Full Compliance with IAB TCF v2.2
- Supports different privacy laws (GDPR, CCPA, CNIL, etc.)
- GDPR ready out-of-the-box
- Provide revisit consent option to site visitors
- Works within the WordPress dashboard
- Fully customizable cookie banners
- User consent logging
Check out the plugin page for more details: GDPR Cookie Consent Plugin
Frequently Asked Questions
IAB TCF (v1.1) was introduced in 2018 by IAB Europe. The TCF framework provided guidelines for businesses to comply with GDPR when processing personal data for online advertising purposes.
The TCF framework provides a channel for communicating the user consent data between publishers, vendors, and the consent management platform used in the publisher’s website. When a user provides consent, the CMP generates a consent string that contains the user’s consent preferences.
Vendors can query this consent string to check if they have the user’s consent for processing personal data. Based on the consent signals, they can determine whether they are allowed to process personal data for personalized advertising.
Global Vendors List (GLV) is a list of global vendors or advertisers registered with the IAB framework.
To register with the IAB framework, vendors have to follow the following conditions:
1. Modify their code so that cookies are not set until they receive consent from users or they have a legal basis for using cookies.
2. Specify the purpose for using cookies and the retention period of collected personal data.
3. Refrain from processing personal data until they have obtained explicit consent from the users.
Fill in this document to enroll as a vendor for the IAB framework.
Legitimate interest means a lawful basis for processing the personal data of users. When registering with the IAB framework, vendors have to specify the purpose and the legal basis for processing personal data.
If a vendor selects “Legitimate Interest” as the reason for processing data, the user doesn’t have to give their consent for that specific purpose. The vendor can process the data based on their legitimate interests without needing the user’s explicit consent.
Conclusion
Complying with the latest privacy standards is crucial for businesses operating in the digital space. The Interactive Advertising Bureau’s Transparency and Consent Framework helps websites to follow best practices in displaying advertisements to site visitors.
By understanding and implementing the IAB TCF standards, publishers and website owners can establish trust with users, comply with privacy regulations such as GDPR, and effectively manage user consent for data processing.
What are your thoughts on this article? Let us know in the comments.
Disclaimer: This article was intended for informational purposes only and does not represent legal advice. We have no intention of obtaining any kind of attorney-client relationship. If you are looking for legal advice, we recommend you contact a professional.
