What is IAB TCF 2.2?
The IAB Transparency and Consent Framework (TCF) is a set of technical specifications and policies that help publishers and advertisers comply with the General Data Protection Regulation (GDPR) and the ePrivacy Directive. TCF 2.2, the latest version of the framework, was released on May 16, 2023.
Updates in TCF 2.2
TCF 2.2 includes changes that are designed to improve the transparency and control that users have over their data. Some of the key changes include:
Legitimate interest is no longer a legal basis for advertising and content personalization
In TCF 2.2, vendors can only use consent as a legal basis for processing personal data for advertising and content personalization purposes. This change is in line with recent decisions of Data Protection Authorities, which highlighted that consent is the appropriate legal basis for such processing of personal data.
Greater transparency around data use to end users
The information that is provided to end-users about how their data is being processed has been improved in TCF 2.2. This includes more detailed descriptions of the purposes for which data is being collected and processed, with increased transparency around the categories of personal data processed within TCF, as well as the options that users have to control their data.
Businesses will need to ensure that users can easily access the CMP user interface (UI) to modify their consent and preferences.
Technical updates
TCF 2.2 also includes technical updates, such as the deprecation of the getTCData command and the requirement for vendors to use event listeners to obtain the TC string.
These changes are designed to improve the performance and reliability of TCF, and will have a major impact on publishers, advertisers, and vendors.
- Publishers will need to update their consent management platforms (CMPs) to comply with the new requirements
- Advertisers will need to ensure that they are only using vendors that are compliant with TCF 2.2
- Vendors will need to update their systems and processes to comply with the new framework
Overall, TCF 2.2 is a positive step towards greater data transparency and control for users. The changes in the framework will make it easier for users to understand how their data is being used and to make informed choices about their privacy.
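The technical update described above, as an added example (not code from the original article or from OneTrust): a vendor-side sketch that registers an event listener through the CMP API instead of calling getTCData, and re-evaluates a consent-only purpose on every final consent state. The function names, the stub CMP, purpose id 4 and the TC string value are assumptions constructed for illustration.

```javascript
// Added example, not from the article. `tcfapi` stands for window.__tcfapi;
// it is a parameter so the sketch also runs under Node against the stub below.
function watchConsent(tcfapi, purposeId, onState) {
  tcfapi('addEventListener', 2, (tcData, success) => {
    if (!success || !tcData) return onState(new Error('CMP listener failed'));
    // 'cmpuishown' means the banner is open and no decision exists yet.
    const final = tcData.eventStatus === 'tcloaded' ||
                  tcData.eventStatus === 'useractioncomplete';
    if (!final) return;
    const consents = (tcData.purpose && tcData.purpose.consents) || {};
    onState(null, {
      tcString: tcData.tcString || null,
      // Consent only: legitimate-interest flags are deliberately not consulted.
      allowed: tcData.gdprApplies === false || consents[purposeId] === true,
    });
  });
}

// Constructed stub CMP (assumption): implements only addEventListener.
function makeStubCmp() {
  const listeners = new Map();
  const api = (command, version, callback) => {
    if (command === 'addEventListener') listeners.set(listeners.size + 1, callback);
    else callback(null, false); // other commands are not modelled here
  };
  api.emit = (tcData) =>
    listeners.forEach((cb, id) => cb({ ...tcData, listenerId: id }, true));
  return api;
}

// Constructed sequence: banner shown, consent given, consent later withdrawn.
function demo() {
  const cmp = makeStubCmp();
  const seen = [];
  watchConsent(cmp, 4, (err, state) => seen.push(err ? 'error' : state.allowed));
  const base = { gdprApplies: true, tcString: 'CONSTRUCTED-SAMPLE' };
  cmp.emit({ ...base, eventStatus: 'cmpuishown', purpose: { consents: {} } });
  cmp.emit({ ...base, eventStatus: 'useractioncomplete',
             purpose: { consents: { 4: true } } });
  cmp.emit({ ...base, eventStatus: 'useractioncomplete',
             purpose: { consents: { 4: false }, legitimateInterests: { 4: true } } });
  return seen;
}

console.log(demo());
```

In a browser, pass `window.__tcfapi` as the first argument; because the listener stays registered, a user who later changes their choices in the CMP UI triggers a fresh evaluation.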
What does TCF 2.2 mean for organizations?
The changes in TCF 2.2 will have a significant impact on organizations that collect and process personal data. Here are some of the key things that organizations need to know:
Update consent management platforms (CMPs) to comply with TCF 2.2
This includes updating the text of the consent banners and pop-ups, as well as the way that consent is collected and stored.
Ensure all vendors are compliant with TCF 2.2
This means checking the vendor's privacy policy and making sure that they are using the TCF 2.2 version of the vendor list.
Update systems and processes to comply with the new requirements
This may include changes to the way that data is collected, stored, and used.
Organizations that fail to comply with the new requirements could face fines and other penalties.
3 steps to get started with TCF 2.2
If your organization collects and processes personal data, you need to start planning your migration to TCF 2.2. Here are 3 steps you can take now to get started:
1. Read the TCF 2.2 documentation
The IAB Tech Lab has published detailed documentation on the changes in TCF 2.2. This documentation will help you understand the new requirements and how to implement them.
2. Review your vendor list
Make sure that all of the vendors that you use are compliant with TCF 2.2. You can find a list of compliant vendors on the IAB Tech Lab website.
3. Update your systems and processes
You may need to update your systems and processes to comply with the new requirements. This may include changes to the way that data is collected, stored, and used. Businesses under the TCF must transition to TCF v2.2 requirements by November 20, 2023.
As for the transition, any TC strings created under TCF v2.1 before November 20 will remain valid after that date, i.e. there is no re-surfacing requirement.
However, TC strings created after November 20 under TCF v2.1 will be considered invalid.
Websites and mobile apps will need to update their CMPs to comply with TCF 2.2. OneTrust Consent & Preferences has updated its CMP in line with the latest requirements and will notify customers who are using TCF templates about changes to be made to the platform.
Migrating to TCF 2.2 can be a complex process, but it’s important to get started as soon as possible. The sooner you start, the more time you will have to make sure that your organization is compliant.