A lot has changed in ad tech after the implementation of GDPR, especially for online businesses (including publishers) catering to EU residents. GDPR brought significant changes to how publishers collect and process user data, by mandating businesses to inform users about how their personally identifiable information (IP, device IDs, location) is collected, stored, and used.
Following the implementation of GDPR in EU, the state of California formulated its own privacy regulation called the California Consumer Privacy Act (CCPA). Although CCPA is not enforced yet, it’s scheduled to be effective from 2020. The general idea of CCPA remains the same as GDPRーrecording consent and informing people about the use of their personal data.
In outline, these privacy laws sound similar, however, the technical details vary a lot. For instance, both laws define personal data differently. As a result, for businesses operating from multiple locations, it can be tricky to keep up with these laws while working with the user data.
Since various state- and country-wise laws complicate business, ad tech needed a standard solution. This is what IAB’s Transparency and Consent Framework (TCF) is about.
What is the Transparency and Consent Framework?
On March 2018, IAB announced the Transparency and Consent Framework. Within a few weeks, IAB rolled out additional updates for the framework and released TCF 2.0v. The newly added protocol would make it easy for the ad industry to implement various privacy laws.
Furthermore, in order to organize things, the Global Vendor List (GVL) has been introducedーall the third-party vendors responsible for storing and sharing user data are needed to register themselves to the GVL, which is monitored and updated by IAB.
So, How Does TCF Work?
The working of the Transparency and Consent Framework can be divided into three steps:
- Step 1: Publishers choose the vendors they are working with from the GVL.
- Step 2: Each time users visit the publisher’s website, they are presented with a list of vendors, so they can choose who they wish to share their personal details with.
- Step 3: As per user choice, vendors get to access their data and show ads accordingly.
Note: Vendors who are not registered with GVL will not appear to publishers and users.
What Changes Would Publishers See With TCF in Action?
Case 1: If user agrees to share personal data
User visits the publisher’s website and allows all or a few vendors access to his/her data. Next, the Consent Management Platform would note the user’s preference and inform the vendors about them. The allowed vendors then contact their partnered DSPs to place their bids for the available impressions. Lastly, the bids are collected and highest bidder gets to display the ad.
Case 2: If user disagrees to share personal data
User visits the publisher’s website and does not allow any vendor access to his/her data. Here, the Consent Management Platform would record the user’s decision, communicating the same to vendors and DSPs. Since the users’ personal details cannot be used now, advertisers wanting to run behaviorally targeted ads will not participate in the auction. However, they can instead use contextual targeting (as it doesn’t take user’s personal details but shows ads basis the website’s content) to show relevant ads and avoid wasting impressions.
In a nutshell, users’ choices will decide whether the vendors and DSPs will participate in the auction, which targeting methods will be used, and the performance of the inventory.
The name of this framework self-evidently tells about its benefits. However, to clarify:
- The framework standardizes the transparency and consent policies for the industry including publishers, advertisers, and ad tech vendors. A standard set of rules will be more helpful in understanding it and implementing it on several stages.
- TCF helps the industry understand and play by user consent. It allows users to choose if they want to share their information, with whom, and for what purpose.
- For publishers, asking for consent and giving users the chance to choose vendors can lead to better (and more transparent) user-publisher relationships.
- The latest version, TCF 2.0, supports all the latest programmatic deal methods like OpenRTB, header bidding, and more.
- Respecting user privacy is a step in the right direction, the ad tech gets a chance to clean up its image and become an industry that lets users truly choose what they want.
This framework is not perfect either. Here are a few drawbacks:
- No protection against data leakage: Once a user gives consent to the use of his/her data, it’s possible the vendor can share the data with the demand-side. In the case of targeting, the user profile is compared with the advertiser campaign to show relevant ads. So, while user consent is recorded, there are no rules monitoring the use of data once it’s shared with DSPs.
- No responsible party: Because of lack of control of data, CMPs, DSPs, and SSPs are expected to act in good faith and respect user choices. Once the user provides consent, no single party is responsible for the maintenance and security of the user data.
What’s in it for Publishers?
TCF is not mandatory yet.
For publishers, this framework can help foster better relationships with their users. Next, it can help them better understand which third-party vendors are preferred by users.
On the other hand, if users choose not to share their personal details, no behaviorally targeted ads will be served for that user. This can drastically reduce the publisher’s earnings.
In the bigger picture, TCF should help improve data collection and usage habits. Depending on the adoption, TCF can make users look at ads as a normal part of the digital experience rather than an intrusion that steals their attention.
IAB is already approaching multiple vendors and publishers to drive TCF compliance and increase adoption, as data security continues to be a major concern for most industries.