Transparency and Consent Framework v2.0: what it is and why it is important for GDPR
We are proud to announce that Clickio Consent Tool is among the first CMPs to pass all conformity checks for the Transparency and Consent Framework (TCF) v2.0; the new version of the GDPR consent solution developed by IAB for the digital advertising ecosystem. This is important news for us, as it shows that IAB, the most important association for the digital marketing and advertising ecosystem, recognizes the reliability of Clickio’s products. Up until now, only 11 CMPs out of 74 passed the checks.
In this post, we will explain what IAB Transparency and Consent Framework v2.0 is, and why it is important for a publisher to adopt a CMP registered at this new framework to be compliant with GDPR.
- What is GDPR
- What is IAB Transparency and Consent Framework (TCF)
- What is IAB Transparency and Consent Framework (TCF) v2.0
- How GDPR affects publishers and their ad revenues
- What publishers need to do to be compliant with GDPR
- Clickio GDPR Consent Tool
What is GDPR
Oversimplifying the concept, GDPR is a set of rules that harmonize and strengthen data protection for individuals across Europe. It went into effect on May 25th 2018. Compared to previous European data protection laws, GDPR has some important differences.
First of all, GDPR expands the definition of personal data to IP addresses, cookies, mobile ad IDs and more. Additionally, GDPR is extra-territorial, meaning that it applies to all companies processing personal data of European Economic Area users, regardless of the companies’ location. For example, it applies to an American publisher in the moment a French user visits its website. It also sets higher standards for user consent, which must be “specific, informed, unambiguous, active and freely given” and easy to withdraw at any time. Last but not least, GDPR introduces stiff fines for non-compliance, up to 20 million Euros or 4% of global revenue.
The regulation applies to every company that collects and uses user data for targeting marketing activities, including ads. For this reason, every publisher that serves personalized ads to European users, either directly or by using partners (Google AdSense, Criteo, etc.), is affected by GDPR and must comply with it.
What is IAB Transparency and Consent Framework (TCF)
In order to make the GDPR compliance process coherent across the market, IAB Europe developed the “Transparency and Consent Framework”; a standard to easily collect consent from users and share it with the rest of the supply chain.
According to IAB, there are three kinds of companies involved in the process: publishers, vendors (tech providers such as DSPs, SSPs, DMPs, ad servers etc.) and CMPs (Consent Management Provider, i.e. companies that can read and/or set a user’s consent status for the vendors chosen by a website operator, and share this information within the advertising ecosystem).
By applying this framework, publishers can inform their users of what data is being collected, what vendors are going to use it and why. For each one of these items, users can give or deny consent, and their choice can then be shared with other players in the advertising market.
What is IAB Transparency and Consent Framework (TCF) v2.0
In August last year, IAB Europe announced the launch of the Transparency and Consent Framework (TCF) v2.0, the second version of the framework. This resulted from a 12-month review period, during which IAB collected and implemented feedback from all sectors of the digital advertising industry (notably publishers), and had meetings with Data Protection Authorities (DPAs) throughout Europe.
Among the main updates of TCF v2.0 there’s now the possibility for consumers to authorize or deny consent, as well as to exercise the “right to object” for their data to be processed. Also, consumers now have more control over whether and how vendors can use certain features of data processing, such as precise geolocation.
TCF v2.0 provides benefits to publishers too, giving them more control and flexibility on how to integrate and collaborate with their tech partners. For example, now publishers can manage data processing purposes on a vendor-basis. Furthermore, they can ensure more transparency for users, thanks to the introduction of more clear and detailed purposes for data processing and a higher flexibility in the way these purposes are described.
How GDPR affects publishers and their ad revenues
For publishers, being compliant with GDPR is essential if there are European users within their audience- otherwise, they could face hefty fines. But beyond this monetary aspect, there is also another reason why media owners should meet the requirements of this regulation. Giving users more information and control over the usage of their data could improve their relationship with the publishers, and increase trust in digital advertising. Two factors that are really important for the survival of the entire online ecosystem.
Nevertheless, when the market started to tackle the GDPR issue, most companies were worried that asking for user authorizations could negatively affect the advertising ecosystem, thus jeopardizing the possibility of monetizing digital properties. Common questions were: will users be willing to share their data? Will there be a lower number of targeted ads? Will there be any economic damage for publishers?
It turned out that, after a (probably normal) short period of confusion in the first few days after the regulation took effect, during which there actually was a drop in ads buying, the situation then normalized. The response from users was not that negative, and the market began to adapt to the new dynamics.
What publishers need to do to be compliant with GDPR
In the end, the GDPR issue is critical for publishers, regardless of whether they are settled inside or outside the EU borders. But, what do publishers need to do to be compliant with this regulation?
Certainly, a good strategy is to adopt a CMP registered at the latest version of the IAB framework, TCF v2.0. After some months of coexistence with TCF v1.1, the final transition to TCF v2.0 is scheduled for June 2020. At that point, the support for TCV v1.0 will end, and TCF v2.0 will be the only IAB Transparency and Consent Framework able to guarantee plain compliance with GDPR. So, it is very important for publishers to make sure that their CMP provider is upgraded for TCF v2.0.
Clickio is an IAB-approved partner, and offers its clients a specific tool that allows them to set consent workflows quickly and easily. Let’s take a look at it.
Clickio GDPR Consent Tool
Clickio Consent Tool is a solution that allows publishers to be fully compliant with GDPR in an easy and flexible way. It collects consent and shares it both with IAB Framework vendors and with Google Ads products. Clickio is officially registered as an IAB Consent Management Provider, and it is among the first CMPs to pass all the conformity checks for the Transparency and Consent Framework (TCF) v2.0.
Clickio Consent Tool offers full compliance with Google EU user consent policy and with requirements of other demand partners. It provides publishers with great flexibility to make their own choices. You can choose consent flow recommended by Google at Cookiechoices.org, as well as many alternative approaches.
If you would like to find out more information about Clickio Consent Tool, check out this website or contact us.