The TCF is a cross-industry, open-source standard created to help all parties who display and manage digital advertising and personalise content to comply with key provisions of the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) when processing personal data or accessing or storing information on a user’s device.
Developed by IAB Europe and National IABs in collaboration with organisations and professionals across the digital advertising and publishing industries, the first version of the TCF was launched on 25 April 2018.
It enables first and third parties to establish a GDPR legal basis for data processing by soliciting and recording user choices based on information disclosures required by the law, and transmitting those choices via a standardised signal to vendors working with publishers. The information disclosures and collection and logging of user choices are done using a Consent Management Platform (CMP).
CMPs provide transparency, and collect, store, and - where appropriate - share consent information across the advertising ecosystem in order to ensure compliance with the GDPR.
Over the last five months, the TCF Compliance Team was tasked with validating all the registered TCF CMPs. A CMP Validator was built as a Chrome browser extension, which enables the tool to be run on any site, allowing it to analyse live CMP installations.
The analysis presents information related to the implementation of the TCF technical specification, including data returned from the CMP API as well as the contents of the consent string. The Validator allows any CMP to be manually checked for a number of common compliance issues, where a CMP implementation does not adhere to the TCF technical specifications and/or TCF Policies.
Today, CMPs that passed all compliance checks were officially published on the website and awarded the official TCF v1.1 Complaint Seal. Over 150 CMPs have been through the validation process, with 131 of those passing the test.
Those CMPs that have been unable to develop and test a fully compliant version of their CMP will be suspended temporarily. This will signal to vendors that the consent string carrying the IDs of those CMPs are not valid and should not be acted on or transferred to other vendors. From today, all suspended CMPs that have not demonstrated an interest in complying with TCF policies and technical specifications will be definitively deactivated, and their ‘consensu.org’ sub-domains decommissioned.
Commenting on the launch of the Validator tool, Townsend Fehan, CEO, IAB Europe said: “The CMP Validator is a comprehensive testing tool, built with ease of use and comprehensive feedback as key considerations. It is an example of the commitment of IAB Europe and National IABs to help companies comply with European privacy and data protection law and ensure the longer-term sustainability of the ad-supported Internet.”
A CMP’s failure to accurately read and record consumers’ choices not only reduces a publisher’s revenue and an advertiser’s opportunity to reach its audiences, but also exposes every part of the value chain to legal liability and potentially significant financial penalties, not to mention reputational brand damage, says IAB. The IAB Europe CMP Validator therefore provides essential affirmation and assurance to both tech partners and publishers that TCF participation means adherence to the highest standards of privacy and regulatory compliance.
The list of CMPs that have successfully passed the Validator compliance test is now publicly available.