November 6, 2023

Understanding IAB TCF v2.2 Compliance: A Comprehensive Guide to Consent Framework

Discover the intricacies of the Interactive Advertising Bureau (IAB) Transparency & Consent Framework (TCF), its evolution to version 2.2, and the significance of compliance. Learn the roles, requirements, and impact of the TCF, along with insights on achieving GDPR-compliant cookie consent using Secure Privacy.

What is the Transparency & Consent Framework (TCF)?

The Transparency & Consent Framework (TCF) is an industry-standard framework developed by the Interactive Advertising Bureau (IAB) to provide a standardized way for publishers and advertisers to obtain and manage user consent for the collection and use of personal data for digital advertising purposes. The TCF is designed to help businesses comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other privacy laws around the world.

What is the purpose of IAB TCF v2.2?

IAB TCF v2.2 is the latest version of the TCF framework, released in May 2023. It includes a number of improvements over the previous version, such as:

  • Increased transparency and user control: TCF v2.2 gives users more control over how their data is used, and requires publishers and advertisers to provide more transparency about how they collect and use data.
  • Greater flexibility for publishers and advertisers: TCF v2.2 gives publishers and advertisers more flexibility in how they implement the framework, while still ensuring that user consent is obtained and managed in a compliant way.
  • Compliance with the latest privacy laws: TCF v2.2 is designed to help businesses comply with the latest privacy laws, such as the GDPR and CCPA.

How does the IAB Transparency and Consent Framework Work?

IAB’s consent model is fundamentally different from the plugin/cookie blocking consent model used in Secure Privacy and other consent management solutions. 

In general, IAB’s model puts control in the hands of advertisers and vendors by signaling the user’s consent to advertising vendors. 

However, Secure Privacy can block non-consented vendors and thereby gives control to the publisher, who is liable to ensure data protection for all tracking performed by third parties on the publisher’s website.

With this fundamental difference in the design, Secure Privacy introduces a new setting to enable Interactive Advertising Bureau (IAB) Europe which updates your existing cookie banner and privacy center. The users have a choice to select IAB banners over Secure Privacy banners.

The cookie banners and privacy banners are fully IAB compliant meaning as a registered CMP, Secure Privacy has passed all the UI/UX and technical requirements of the IAB framework.

What is TCF compliance?

TCF compliance means that a business has implemented the TCF framework in accordance with the TCF specification and policy. This includes obtaining user consent for the collection and use of personal data, providing users with clear and concise information about how their data is being used, and using a TCF-certified consent management platform (CMP) to manage the consent process.

Who is the IAB TCF designed For?

The primary objective of IAB Europe’s Transparency and Consent Framework is to help actors in the digital advertising chain guarantee that they can be ePrivacy Directive and GDPR compliant. 

The need to comply with these EU data protection regulations is connected to how advertisers handle personal data or accessing and/or keeping information on a consumer’s gadget such as cookies, advertising and device identifiers among other tracking technologies.

Who are the Main Participants in the IAB Europe Transparency and Consent Framework?

As already highlighted, the collaboration between IAB Europe and IAB Tech Lab to establish the transparency and consent framework is to facilitate harmonized engagements among 

  • Advertisers (Vendors)
  • Digital publishers 
  • Consent Management Platforms (CMPs)


In the ad tech sector, vendors are described as third-party promoters that operate in partnership with publishers. Primarily, advertisers showcase third-party content on the publisher’s webpage. 

Consequently, vendors are responsible for the placement of tracking technologies such as cookies on users’ browsers to facilitate the showcase of appropriate ads to target consumers. 

Digital Publishers

Within the Interactive Advertising Bureau’s transparency and consent framework, publishers are identified as media channels that host digital content. Primarily, these are the platforms to which consumers seek access. 

For this reason, publishers rely on showcasing third party content, which may be in the form of either a video ad or a blog, for example, to monetize the volume of traffic seeking access to their platform.

In most cases, the monetization of views from content such as video advertising is handled through ad networks that employ real-time bidding to position ads strategically, to ensure that the relevant audience is reached.

Consent Management Providers

The ad tech industry is not exempt from GDPR and ePrivacy Directive data protection requirements in relation to transparency and user consent. This is where the role of CMPs is vital in the IAB Europe Transparency and Consent Framework. 

Essentially, Consent Management Providers provide the technical solutions that oversee user consent for the processing of consumer data on the publishers website.  

In the process, they ensure you are ePrivacy Directive and GDPR compliant by signaling the consumers’ consent preferences to advertisers on the website being accessed.

What is the TCF specification of the IAB?

The TCF specification is a technical document that outlines the requirements for implementing the TCF framework. It includes information on how to obtain user consent, how to manage consent preferences, and how to interact with the TCF Global Vendor List (GVL). The TCF specification is available for free on the IAB website.

What is TCF compliant?

A business is considered TCF compliant if it has implemented the TCF framework in accordance with the TCF specification and policy. This means using a TCF-certified CMP to obtain user consent and manage the consent process.

What is the TCF 2.2 policy?

The TCF 2.2 policy is a document that outlines the specific requirements for complying with the TCF v2 framework. It includes information on how to obtain user consent for different purposes, how to manage consent preferences, and how to interact with the TCF GVL. The TCF 2.2 policy is available for free on the IAB website.

How do I get GDPR compliant cookie consent with Secure Privacy?

To get GDPR compliant cookie consent in IAB 2.0, you need to use a TCF-certified CMP. A consent management platform (CMP) is a software platform that helps you obtain user consent and manage the consent process in a compliant way.

Secure Privacy's TCF-certified CMP makes it easy to get started and ensure that your website is GDPR-compliant.

How to Enable the IAB Transparency and Consent Framework with Secure Privacy

To enable the IAB Consent Framework you need to navigate to Banners and then Settings. Go to the IAB Tab and click on the checkbox to enable the IAB. The IAB tab should look like this.


Once you enable IAB, the default cookie banners will be replaced and the IAB cookie consent banner will appear for users. The new cookie consent banner will look similar to the image displayed below when expanded.


Similarly, your privacy center is also updated and will look similar to the image displayed below.


Some of the key points you need to take into account in this context include;

a) Please note that Secure Privacy as a registered IAB CMP is under the obligation to work only with publishers that are fully IAB compliant. 

By enabling the IAB framework in Secure Privacy, you confirm to comply with these policies.

b) Enabling IAB TCF will replace your cookie consent banner text, and remove the plugins and trackers found, Instead it will start showing Vendors, Purposes and Features.

c) Similar to the cookie consent banner, the privacy center will also be replaced with Vendors, Purposes, and Features.

d) Currently, the Interactive Advertising Bureau’s (IAB Europe) banners are supported in the English language only.

e) Consent management is also modified to track the advertisers and purposes.

How to read the consent details as a vendor (for developers)

To read the individual user’s current consent state on a website, ping the following command every 500ms until result.cmpLoaded equals true (when consent has been loaded or submitted) in the callback:

window.__cmp('ping', null, function(result) { console.log(result) });

To retrieve the BASE64-encoded consent string after that, execute the following command and read the value of result.consentData in the callback:

window.__cmp('getConsentData', null, function(result) { console.log(result) });

In case you have additional concerns or queries regarding IAB TCF 2.0, and how to integrate Secure Privacy as your preferred CMP, book a call with us today and get personalized support from a data privacy expert.

Start your Free Trial