1. Documentation
  2. Consent Management
  3. Consent Manager and IAB Frameworks

Osano and the IAB EU TCF 2.0 Framework

Osano and the IAB EU Transparency and Consent Framework (TCF v2.0)

This is an Enterprise Only feature. 

In order to support vendors, publishers, and advertisers in meeting the consent and transparency requirements laid out by GDPR and the ePrivacy Directive, the Interactive Advertising Bureau, or IAB, has created an industry-standard called the Transparency and Consent Framework (TFC v2.0)

"The TCF creates an environment where website publishers can tell visitors what data is being collected and how their website and the companies they partner with intend to use it. The TCF gives the publishing and advertising industries a common language with which to communicate consumer consent for the delivery of relevant online advertising and content." 

-IAB Europe

Click HERE to view the IAB TCF Fact Sheet. 

 

To align with this industry-standard, Osano is registered and certified with IAB as a consent management provider (CMP) and now offers this framework as an optional addition to the out-of-the-box consent manager application. 

When TCF support is enabled, the consent manager will appear vastly different from Osano’s out-of-the-box consent manager solution and will include all standard IAB verbiage and consent options. 

The IAB framework signals user consent preferences to advertising vendors rather than blocking the vendors themselves, though, when used in conjunction with Osano, we are able to allow users to do both. 

When enabling Osano’s IAB EU TCF 2.0 support, note that this will significantly change your end-user consent dialog and drawer experience. Please review the changes before making them available for users in your production environment. We recommend doing the following before enabling:

  1. Please confirm with your privacy and legal teams that IAB EU TCF 2.0 applies to your business.
  2. Please check with your engineering team as to the usage of custom CSS targeting the Osano Consent Manager. The content of the drawer will be changed to adhere to the legal requirements of the IAB, and therefore could impact any custom styling.

Once enabled, you will see a new tab appear in your configuration settings called “IAB.” The IAB tab will allow you to select your vendors from a list of IAB-certified vendors. This list is updated by the IAB weekly and updated by Osano daily, so changes are always tracked. You should add all applicable IAB vendors (vendors that load on your website). This will give your end-users the ability to communicate with individual vendors via the TCF framework and customize their level of consent for each. 


Osano's IAB TCF 2.0 Implementation

Enabling the IAB framework within Osano is straightforward. 

All you need to do is flip the “IAB GPP & EU TCF 2.0 Frameworks” switch in the “Settings” of your consent manager configuration. 


Screenshot 2023-04-10 at 5.28.06 PM


Once enabled, go to the new IAB tab and use the search field to find and select any IAB vendors you work with. For a vendor to be available for selection, they must be registered with the IAB – a full list can be found here. Osano syncs with the IAB vendor list every 24 hours. If you don't see a vendor you're working with it's possible they are registered under a different name. Start with reaching out to the vendor to get their IAB number for identifier.


 

Once you “Save” and “Publish” these changes, customers that access your site from applicable regions (Regions that fall under the jurisdiction of GDPR) will automatically receive the TCF, Consent Manager. 

Once set, Osano will automatically signal consent to any included vendor using the IAB framework on your website.

Please note that Version 2 of TCF introduced strict policies on what wording must be used in the cookie popup and storage preferences drawer as well as the configuration of the consent banner (popup).

Because of this, when IAB TCF2.0 support is turned on, your banner (popup and drawer) will have the following non-editable text: 

"This website stores and accesses information on your device, such as cookies. Personal data may be processed, such as cookie identifiers, unique device identifiers, and browser information. Third parties may store and access information on your device and process this personal data. You may change or withdraw your preferences by clicking on the cookie icon; however, as a consequence, you may not see relevant ads or personalized content. You may change your settings at any time or accept the default settings.”

Note: The Osano consent banner text has been approved by the IAB Europe. In order to ensure TCF compliance, Osano does not allow for customization of IAB TCF text. 

 

NOTE: There is currently NO preview of the IAB TCF2.0 banner and storage preferences available in the Osano application. To view this, you will need to activate your osano.js [Permissive or Strict mode]. We recommend testing on a staging or pre-production environment where possible. 

Once enabled, end-users will have the ability to select their level compliance (opt into/out of particular categories) as well as make more detailed selections with regards to IAB vendors and what they can and cannot do with that user’s data. 

 

 

Users can opt out of the “marketing” category as a whole or can make certain specifications regarding what advertisers can do with their data and what they can’t. These are communicated to the IAB vendors using the TCF standard. 

 

Using the IAB TCF 2.0 Framework, users have the right to opt into or out of the following purposes for data collection and use: 

  • Purpose 1: Store and/or access information on a device
  • Purpose 2: Select basic ads
  • Purpose 3: Create personalized ads profile 
  • Purpose 4: Select personalized ads
  • Purpose 5: Create a personalized content profile  
  • Purpose 6: Select personalized content 
  • Purpose 7: Measure ad performance
  • Purpose 8: Measure content performance 
  • Purpose 9: Apply market research to generate audience insights
  • Purpose 10: Develop and improve products

IAB Vendor Communicaiton

Osano CMP exposes the standard IAB GPP and TCF 2.0 CMP API specifications.

This means that vendors can read out the user's consent state from the tcData object and string. The following code uses the TCF 2.0 API:

__tcfapi('getTCData', 2, (tcData, success) => { if(success) { console.log(tcData) }}); 

Example Response:

{tcString: "CO75lfRO75lfREXABBENA3CwAP_AAAAAACiQAAAAAAAA.YAAAAAAAAAAA", tcfPolicyVersion: 2, cmpVersion: 1, cmpId: 279, gdprApplies: false, …}cmpId: 279cmpLoaded: truecmpStatus: "loaded"cmpVersion: 1displayStatus: "visible"eventStatus: "tcloaded"gdprApplies: falseisServiceSpecific: truepublisherCC: "US"purpose:consents:1: true2: true3: true4: true5: true6: true7: true8: true9: true10: true__proto__: ObjectlegitimateInterests:__proto__: Object__proto__: ObjectpurposeOneTreatment: falsetcString: "CO75lfRO75lfREXABBENA3CwAP_AAAAAACiQAAAAAAAA.YAAAAAAAAAAA"tcfPolicyVersion: 2useNonStandardStacks: false__proto__: Object