Google has joined TCF v2.0 – What’s next for Publishers
IAB’s Transparency & Consent Framework
The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe and provide individuals with greater transparency and control over their personal data.
IAB Europe in order to help publishers, advertisers and ad networks comply with GDPR introduced Transparency & Consent Framework (TCF). An industry framework to standardize the process of getting the consent from the users and passing this information to the relevant vendors in the advertising supply chain.
The basic components of TCF are:
- Global Vendor List (GVL): It lists all registered and approved vendors and how each vendor processes user data (Consent or Legitimate Interest). All vendors including sell-side platforms (SSPs), demand-side platforms (DSPs), ad servers, and data management platforms (DMPs) used on a publishers’ site can apply to be part of the GVL.
- Consent Management Platform (CMP): It is the piece of technology a site uses to ask their visitors for their consent. The CMP can read and update the legal basis of a company that participates in the delivery of digital advertising (commonly referred to as a vendor) within a publisher’s website, app, or other digital content.
- Transparency & Consent String (TC String): It is a string that stores and encodes all the information disclosed to a user and the expression of their preferences for their personal data processing under GDPR. Putting it simple, the data in the consent string answers the question: “Which vendors and purposes did the user give consent for?”
How TCF works:
a. User browses the site
b. Site loads the CMP
c. CMP retrieves the latest GVL
d. User chooses their consent preferences
e. CMP encodes and updates the TC String
f. Vendors read the TC String and comply with the user’s choices
On August 15, 2020, IAB released TCF v2.0, a more comprehensive version of the Transparency & Consent Framework.
- Users are given greater control over how their data is processed and shared across the industry.
- Publishers gain greater control and flexibility in the way they integrate and collaborate with their technology partners.
TCF v2.0 takes better account of publishers’ needs as well as the evolving legal requirements and expectations from regulators.
Google supports TCF v2.0
Another major update that came along with the release of TCF v2.0 is that Google is participating in this version of the framework and has already began reading and passing the TC string for all ad requests.
Just a disclaimer here: Google might have joined TCF v2.0, but doesn’t explicitly require that publishers have a TCF 2.0 registered CMP. What is mandatory is to have a way of gathering the consent from the users and pass it to the ad server.
For publishers having implemented an IAB TCF v2.0 registered CMP, Google Ad Manager will automatically begin consuming the TC string from the CMP without the need for any additional configuration.
Required purposes and lawful bases
The following requirements apply specifically when Google is a vendor in the publishers’ CMP.
Google will not serve ads, not even non-personalized ads, if neither set of requirements above are met.
In order to make the rollout smoother for publishers, Google has introduced a TCF error report in Google Ad Manager and has given publishers a grace period to manage the errors and misconfigurations. During the grace period – that was recently extended till mid-January 2021 – the ad serving and monetization will not be affected for the most error categories.
According to publishers’ feedback, the most frequent error codes they receive are errors 1.1 and 2.1.a.
This error code indicates that Google, as a vendor, is not allowed under consent or legitimate interest. In other words, in case the user doesn’t give consent to Google’s ads.
Usually, this error is normal as long as the number of occurrences is in line with the users who chose not to give consent either in general or for Google explicitly. Therefore, it should not cause concern, unless it is abnormally high.
According to Google Ad Manager documentation, the error is described as “Tag or SDK isn’t receiving a TC string due to CMP status being stub, loading, or error.” This error is triggered when Google tags are called on the site before the user consent is given.
Most TCF vendors are applying a mechanism to check whether the TC string is available before they proceed. This way they can determine they have or have not the users’ consent to process their personal data.
However, this is not the case in Google’s logic. It is expected that users have made their preferences and the TC string is available before the ads are requested. It is under the publishers’ responsibility to apply the required conditional logic, otherwise this will result in error 2.1.a, check below:
source: www.iabeurope.eu / www.websequencediagrams.com
IAB Europe has reached out to Google to emphasize the importance of this issue for publishers, given that it requires extra integration work. However, there is no indication yet as to whether they will support this configuration in the future.
Publishers in order to secure ad serving and avoid any revenue implications, should make sure:
- They are using a TCF v2.0 compliant CMP and they have adopted the latest version.
- Their monetization partners are receiving the new consent signals properly.
- They are frequently monitoring the Google TCF error report for any abnormal behavior and they have applied a mechanism to call Google tags only when TC String is available.