Osano and the IAB EU TCF 2.2 Framework

  • Updated

In order to support vendors, publishers, and advertisers in meeting the consent and transparency requirements laid out by GDPR and the ePrivacy Directive, the Interactive Advertising Bureau, or IAB, has created an industry-standard called the Transparency and Consent Framework. 

"The TCF creates an environment where website publishers can tell visitors what data is being collected and how their website and the companies, they partner with intend to use it. The TCF gives the publishing and advertising industries a common language with which to communicate consumer consent for the delivery of relevant online advertising and content." 

-IAB Europe

Click HERE to view the IAB TCF Fact Sheet. 


Introduction to TCF

[This is an Enterprise Only feature.]

To align with this industry-standard, Osano is registered and certified with IAB as a consent management provider (CMP) and now offers this framework as an optional addition to the out-of-the-box consent manager application. 

When TCF support is enabled, the consent manager will appear vastly different from Osano’s out-of-the-box consent manager solution and will include all standard IAB verbiage and consent options. 

The IAB framework signals user consent preferences to advertising vendors rather than blocking the vendors themselves, though, when used in conjunction with Osano, we are able to allow users to do both. 

 

Considerations when Enabling

When enabling Osano’s IAB EU TCF 2.2 support, note that this will significantly change your end-user consent dialog and drawer experience. Please review the changes before making them available for users in your production environment. We recommend doing the following before enabling:

  1. Please confirm with your privacy and legal teams that IAB EU TCF 2.2 applies to your business.
  2. Please check with your engineering team as to the usage of custom CSS targeting the Osano Consent Manager. The content of the drawer will be changed to adhere to the legal requirements of the IAB, and therefore could impact any custom styling.

Once enabled, you will see a new tab appear in your configuration settings called “IAB.” The IAB tab will allow you to select your vendors from a list of IAB-certified vendors. This list is updated by the IAB weekly and updated by Osano daily, so changes are always tracked. You should add all applicable IAB vendors (vendors that load on your website). This will give your end-users the ability to communicate with individual vendors via the TCF framework and customize their level of consent for each. 

 

Osano's IAB TCF 2.2 Implementation

Enabling the IAB framework within Osano is straightforward. 

All you need to do is flip the “IAB GPP & EU TCF 2.0 Frameworks” switch in the “Settings” of your consent manager configuration. 


Screenshot 2023-04-10 at 5.28.06 PM


Once enabled, go to the new IAB tab and use the search field to find and select any IAB vendors you work with. For a vendor to be available for selection, they must be registered with the IAB – a full list can be found here. Osano syncs with the IAB vendor list every 24 hours. If you don't see a vendor you're working with it's possible they are registered under a different name. Start with reaching out to the vendor to get their IAB number for identifier.


 

Once you “Save” and “Publish” these changes, customers that access your site from applicable regions (Regions that fall under the jurisdiction of GDPR) will automatically receive the TCF, Consent Manager. 

Once set, Osano will automatically signal consent to any included vendor using the IAB framework on your website.

 

End User Experience - Banner

Please note that Version 2.2 of TCF introduced strict policies on what wording must be used in the cookie popup and storage preferences drawer as well as the configuration of the consent banner (popup).

Because of this, when IAB TCF2.2 support is turned on, your banner (popup and drawer) will have the following non-editable text: 

"We and our # partners store and access information on your device for personalized ads and content. Personal data may be processed, such as cookie identifiers, unique device identifiers, and browser information. Third parties may store and access information on your device and process this personal data. You may change or withdraw your preferences by clicking on the cookie icon or link; however, as a consequence, you may not see relevant ads or personalized content. You may change your settings at any time or accept the default settings. You may close this banner to continue with only essential cookies."

Note: The Osano consent banner text has been approved by the IAB Europe. In order to ensure TCF compliance, Osano does not allow for customization of IAB TCF text. 

 

End User Experience - Preference Drawer

Once enabled, end-users will have the ability to select their level compliance (opt into/out of particular categories) as well as make more detailed selections with regards to IAB vendors and what they can and cannot do with that user’s data. 

Users can opt out of the “marketing” category as a whole or can make certain specifications regarding what advertisers can do with their data and what they can’t. These are communicated to the IAB vendors using the TCF standard. 

Using the IAB TCF 2.0 Framework, users have the right to opt into or out of the following purposes for data collection and use: 

  • Purpose 1: Store and/or access information on a device
  • Purpose 2: Use limited data to select advertising
  • Purpose 3: Create profiles for personalized advertising
  • Purpose 4: Use profiles to select personalized advertising
  • Purpose 5: Create profiles to personalize content
  • Purpose 6: Use profiles to select personalized content
  • Purpose 7: Measure advertising performance
  • Purpose 8: Measure content performance 
  • Purpose 9: Understand audiences through statistics or combinations of data from different sources
  • Purpose 10: Develop and improve services
  • Purpose 11: Use limited data to select content

 

IAB API Commands

Osano CMP exposes the standard TCF 2.2 CMP API specifications.

This means that vendors can read out the user's consent state from the tcstring.

The following code uses the TCF 2.2 API:

__tcfapi('getTCData', 2, (tcData, success) => { if(success) { console.log(tcData) }}); 

Example Response:

{tcString: 'CP1YsIAP1YsIAEXd1BENAbEwAAAAAEPgAAwIAAALzgBAIiAXmAAA', tcfPolicyVersion: 4, cmpVersion: 1909, cmpId: 279, gdprApplies: true, …}

If you are testing or troubleshooting IAB TCF EU 2.2 behaviors on your site, we recommend using the IAB's TCF 2.2 validator extension to help see which commands and/or vendors are relating to the issue. The extension is available for both Chrome and Edge browsers via the Chrome web store.