Guest Columns
3 mins read

TCF v2.0 is a step in the right direction: 3 challenges to keep in mind during migration


Just two years after the first iteration of the IAB’s Transparency and Consent Framework (TCF) came into play, the AdTech ecosystem is being asked to upgrade to version 2.0. The IAB TCF was created to help publishers, advertisers and vendors comply with the General Data Protection Regulation (GDPR). IAB-certified Consent and Preference Management Platforms (CPMPs) are used by publishers to gather informed consent from users around what data is being collected through websites or apps, and who it will be shared with.

Version 2.0 seeks to provide both users and publishers with greater transparency and control. Under TCF v2.0, not only can the user give or withhold consent, but they can also exercise their ‘right to object’ to data being processed on the basis of legitimate interest. It also enables greater transparency to the user, through more detailed descriptions of the purposes of data processing.

In addition, TCF v2.0 is getting stricter when it comes to consent notice UI requirements. A much-needed change considering that 88% of current consent and preference management platform (CPMP) implementations do not meet the minimal requirements set by GDPR.

Following a deadline extension due to the global lockdown, publishers now have until August 15, 2020 to update their CPMPs to Version 2.0. Here are a few considerations publishers should be taking into account before migration:

  1. Upgrading is a technical and legal headache
    Upgrading from TCF v1.1 to TCF v2.0 requires as much technical and legal resources as the initial implementation. Publishers who built home-grown solutions the first time around will be questioning the sustainability of managing compliance in-house, realizing it’s not the one-time task they had originally hoped for. Continual nuances to the Data Protection Authorities’ (DPAs) interpretation of the GDPR means that compliance is a continual process requiring full-time, dedicated resources.

    The good news for publishers using a third-party CPMP is that all this technical and legal work lies with their vendor. Updating or installing a third-party CPMP will generally be straightforward.
  1. Compliance is a global and complex challenge.
    The introduction of TCF v2.0 comes just at the same time as we are seeing an influx of new privacy laws being created and enforced, such as the California Consumer Protection Act (CCPA) in the US. The lack of global consistency between regulations is starting to cause panic amongst the publisher community. The IAB has already created a separate framework, the conveniently named CCPA framework, to manage CCPA compliance across the AdTech ecosystem.  Understanding the complexity of updating just one framework, publishers are starting to realize the magnitude of the future challenge in managing multiple regulations and frameworks.
  1. Future consent rates could be lower. Stricter UI requirements in TCF v2.0 mean that publishers who use a CPMP, home-grown or third-party, that meets the bare requirements of TCF v1.1 are likely to see a big drop in consent rate in the future. With the prospect of a lower consent rate it’s more important than ever that publishers build, or look for a CPMP that includes, features optimized for advertising results.

While the update to TCF v2.0 presents major challenges to publishers and CPMPs, there’s no doubt it’s a step in the right direction. Greater transparency and control to users can only ever be perceived positively.  It’s no surprise that a framework designed to manage the first data protection law across the complex AdTech ecosystem would need more than one iteration to get it right.

Hopefully the industry can take learnings from this for the future. With more global regulations on the horizon, it would be hugely advantageous for the industry to find ways to aggregate as many regulations as possible into one universal framework to ease ongoing management.

Sarah Jones
Global Head of Product Marketing, Ogury

About: Sarah Jones is the Global Head of Product Marketing at Ogury, the creator of the first advertising engine driven by user choice. She creates marketing strategies and content that puts user consent at the heart of building a trusted mobile advertising ecosystem. Sarah has over 10 years’ experience in the technology sector as a product marketer, having previously worked at Criteo, Truphone and Samsung.