IAB TCF 2.0: How to become Compliant with Secure Privacy

By Blog, Data Privacy, IAB

The role of Consent Management Providers (CMPs) is to offer a user interface to guarantee transparency, obtain consent, and register objections from users in IAB’s TCF 2.0.

Therefore, the CMP API in IAB’s TCF 2.0 offers a standardized way for participants, such as the hosting publisher or an advertising vendor, to access these preferences overseen by the CMP.

What is a CMP under the IAB TCF 1.0 and 2.0 Frameworks?

Primarily, Consent Management Providers (CMPs) offer the technical solutions that manage user consent for processing information on the publishers’ websites.

Under the IAB TCF framework, they signal the end user’s consent settings to the vendors operating in the current website.

Why Did IAB Europe update TCF 1.0 to 2.0

Essentially, effective management of technical systems over time need continuous consultation with both users and the broader pool of stakeholders.

In IAB Europe’s context, the primary stakeholders comprise publishers, advertisers, media agencies, technology providers, and Data Protection Authorities (DPAs).

Therefore, the incoming transition from IAB’s TCF 1.0 to 2.0 is based on feedback from regulators and publishers in this industry focused on improving the system to serve the community better.

Primarily, IAB’s TCF 2.0 is geared towards guarantee consumers improved transparency and choice, while offering more control to publishers at the same time.

What does the TCF Provide for CMPs?

Typically, IAB’s TCF 1.0:

  • Offers the technical guidelines that enable CMPs to capture, store and signal consent in an industry-standardized way
  •  Allows CMPs to get global consents gained by other publishers and CMPs
  •  Captures which vendors are operating in the TCF and the purposes that they wish to process personal data for so that the user interface can be updated and users informed as is appropriate
  •  Alerts CMPs when vendors use legitimate interest or consent as a legal basis for processing personal data for a given purpose so that users can be informed as necessary

What does IAB TCF 2.0 Mean for CMPs?

IAB TCF 2.0 offers improved degrees of transparency and control across the entire advertising supply chain to augment a more streamlined and open user experience.

Essentially, it supports the wider interests of this ecosystem through explicit signaling of whether transparency has been extended to consumers regarding the processing of their information under the legitimate interest legal basis, and whether the user has rejected such processing.

Similarly, it supports the industry by accommodating consent as a legal basis for processing personal information.

For this reason, under IAB TCF 2.0 users can either give or withhold their consent, in addition to exercising their right to object the processing of their information under a legitimate interest basis.

Additionally, IAB TCF 2.0;

  • Facilitates better transparency for the consumer via more comprehensive explanations of the purposes of data processing
  • Allows publishers to impose more limitations on both the purpose and legal bases upon which a vendor can process data collected on their digital property. This aspect allows for enhanced customization of vendor operations.
  • Enables vendors to process under legitimate interest if they are not limited by the publisher, or objected to by the user

How do I become Compliant with IAB TCF 2.0?

Secure Privacy is one of the few registered CMP’s that has updated its solution to meet the requirements of IAB’s TCF 2.0.

Since the framework is widely supported by the online advertising industry, Secure Privacy has adopted it as an alternative to the core cookie blocking framework of Secure Privacy to ensure a smooth transition from IAB’s TCF 1.0 to TCF 2.0.

Our solution meets the following requirements under the GDPR that are consistent with TCF 2.0’s obligations;


  • User Notification


As your CMP, Secure Privacy ensures that consumers are aware of what data is processed and for what purpose, such that they know what they are giving their consent to.


  • Express Action


Our solution ensures that consumers give consent to the use of cookies based on true choice as opposed to being coerced into accepting their deployment.


  • Affirmative Consent


Using Secure Privacy as your CMP for IAB TCF 2.0 also ensures that consent provided through affirmative and unambiguous action in accordance with GDPR requirements.


  • Notice


Our solution also ensures that an alert is communicated to users before the initial data processing occurs.


  • Ability to Withdraw Consent


According to the GDPR, consumers should be allowed to withdraw consent easily. Secure Privacy ensures that users can withdraw consent as easily as they gave it.

It is important to note that Secure Privacy is an IAB registered CMP. For this reason, we are obligated to partner as a CMP with publishers that are in full compliance with IAB Framework policies.

In case you have additional concerns or queries regarding IAB TCF 2.0, and how to integrate Secure Privacy as your preferred CMP, book a call with us today and get personalized support from a data privacy expert.