惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
L
LINUX DO - 热门话题
Blog — PlanetScale
Blog — PlanetScale
博客园 - Franky
J
Java Code Geeks
腾讯CDC
博客园 - 聂微东
The Cloudflare Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 司徒正美
Last Week in AI
Last Week in AI
量子位
Stack Overflow Blog
Stack Overflow Blog
Microsoft Security Blog
Microsoft Security Blog
Google DeepMind News
Google DeepMind News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
Schneier on Security
C
CERT Recently Published Vulnerability Notes
Latest news
Latest news
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
有赞技术团队
有赞技术团队
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
Securelist
AWS News Blog
AWS News Blog
GbyAI
GbyAI
L
LINUX DO - 最新话题
大猫的无限游戏
大猫的无限游戏
Forbes - Security
Forbes - Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Attack and Defense Labs
Attack and Defense Labs
C
CXSECURITY Database RSS Feed - CXSecurity.com
Y
Y Combinator Blog
W
WeLiveSecurity
T
Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Proofpoint News Feed
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
V
V2EX
N
News and Events Feed by Topic
Google DeepMind News
Google DeepMind News
D
Docker
The Hacker News
The Hacker News
A
About on SuperTechFans
Security Latest
Security Latest
NISL@THU
NISL@THU
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
博客园_首页
H
Hacker News: Front Page

Compliance Solutions for Websites, Apps and Organizations | iubenda

AI can build your website. It can't manage your consent. | iubenda Browser signals and machine-readable consent: what they are and what the EU’s Digital Omnibus could change California Consumer Privacy Act (CCPA): Complete Guide How to increase your cookie banner opt-in rates: 5 mistakes to fix today | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #153) Why your consent management setup is a marketing performance question Everything you need to know about GDPR The redesigned cookie banner and configurator What nobody tells you about handing over the company you built European marketers are betting on retention. Privacy could be the edge they’re not using yet. The 5 best alternatives to Didomi in 2026: Pros, cons, pricing, and comparison Looking back on 15 years: what iubenda's founder would tell his 2011 self | iubenda The best cookie policy generator in 2026 DPO Newsletter: Global Data Protection & Privacy News (issue #152) | iubenda What publishers should expect from the EU’s Digital Omnibus proposal Uncertainty is the biggest blocker to AI adoption in marketing | iubenda Everything AI app builders need to know about vibecoding and privacy compliance | iubenda Introducing 1-Click Embedding for Google Tag Manager The Essential Small Business Terms and Conditions Template: What You Need to Know Terms of Use Template | iubenda IAB Europe Raises Concerns Over GDPR Procedural Regulation Draft Report | iubenda Learn from HelloFresh's Costly Mistake: Ensure Compliance with iubenda | iubenda Understanding the Spanish DPA Guide on Audience Measurement Cookies | iubenda The Austrian Data Protection Authority's FAQs on Cookies and Privacy | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #127) | iubenda Microsoft Ensuring European Data Stays Within the EU Cloud Boundary | iubenda Businesses Beware: ICO’s Record £14.3m in Fines for Data Misuse in 2023 Understanding the Risks and Responsibilities of Model-as-a-Service Companies in AI Development Facebook's New “Link History” Feature: A Blend of Convenience and Surveillance? | iubenda OpenAI’s Strategic Move in the EU: Aligning with Data Privacy Regulations TikTok Faces Lawsuit Over Tracking Non-Users What’s the Digital Markets Act (DMA) and how will it affect you? | iubenda Simplifying Cookie Consent: The European Commission's Approach | iubenda Google Settles Landmark Privacy Lawsuit for $5 Billion | iubenda Navigate GDPR Compliance with Confidence: Lessons from Recent Fines in Italy Simplifying the Commission's New Reporting Template for Digital Market Gatekeepers | iubenda Understanding the GDPR Complaint Against X (Twitter) for Illegal MicroTargeting | iubenda Spanish Media Giants Take On Meta in a Groundbreaking $600 Million Lawsuit | iubenda DPO Newsletter: Data Protection & Privacy News (issue #126) | iubenda Belgian DPA Mandates Cookie Banner Changes for Major Media Websites | iubenda UK's Top Websites Warned by ICO to Revise Cookie Practices | iubenda Understanding the European Union's Data Act | iubenda Google Announces Consent Mode v2 – here’s what it means for your business and advertising Noyb Challenges EU Commission Over Controversial Ad Campaign | iubenda OECD Updates AI Definition: A Step Forward in Shaping EU’s AI Law Firefox To Introduce Simplified Global Privacy Control Berlin Court Cracks Down on LinkedIn’s Privacy Violations The YouTube Ad Blocker Controversy: A Test of the ePrivacy Directive? | iubenda DPO Newsletter: Data Protection & Privacy News (issue #125) Facebook and Instagram Subscription: Meta adds a paywall | iubenda GDPR Violation: Lack of Transparency in Data Processing via Google Fonts Amazon Introduces AWS European Sovereign Cloud to Address EU Regulations | iubenda Texas New Data Privacy Law TDPSA: Everything you need to know How to Make Money with a Website Without Selling Anything Oregon Consumer Privacy Act: Overview | iubenda Google’s Move to Disable Third-Party Cookies: What Advertisers Need to Know IMY Fines H&M for GDPR Violations: A Closer Look EU Commission Requests Information from X Under Digital Services Act: What You Need to Know | iubenda Understanding California’s “Delete Act” and Data Broker Regulations TCF v 2.2 Initial Layer (Banner) Requirements | iubenda Grindr Faces €5.8 Million Fine: A Reminder on the Importance of GDPR Compliance | iubenda Newly Enacted Iowa Consumer Data Protection Act (ICDPA) | iubenda The Witch’s Brew of Privacy: A Halloween Tale of Compliance and Consequences IAB TCF 2.2 – What you need to do DPO Newsletter: Data Protection & Privacy News (issue #124) Blog Ideas That Make Money: How To Make Money From Your Blog + Examples | iubenda Maximize your Growth with Online Presence Management | iubenda Meta's New Pivot in Europe: To Pay or Not to Pay for an Ad-Free Experience? | iubenda Consumer Reports Launches Free ‘Permission Slip’ App to Protect Your Data | iubenda DAZN’s Access Request Saga Personal Brand Logo: How to Stand Out in a Crowded Marketplace UK-US Data Bridge: A New Era for Secure Data Transfers 7 Ways How to Promote Affiliate Links Effectively (And Boost Commissions) | iubenda Mastering LinkedIn Personal Branding: A Guide to More Opportunities Meta's New Approach: Pay for Your Privacy? | iubenda No Return, No Refund Policy Template & Guide GDPR in the US: a GDPR Checklist for US Companies Crafting a Niche with Branding and Identity Design | iubenda The Online Safety Bill: A Leap Towards a Safer Digital United Kingdom Understanding Google's $93m Settlement over Consumer Location Data Accusations | iubenda CCPA vs CPRA: Key Differences You Need to Know | iubenda How To Use Ecommerce Retargeting to Grow Your Business | iubenda PECR: Everything you need to know | iubenda How Mobile Apps Illegally Share Your Personal Data: A Deep Dive | iubenda Legal Spotlight: Privacy Concerns Surrounding OpenAI’s ChatGPT and Microsoft’s Involvement Legal Scrutiny Looms Over Transatlantic Data Deal: French MEP Takes Action Understanding the Digital Markets Act: A Comprehensive Guide Block AI Crawlers: Here’s How To Stop Your Site From Being Used for AI Training (OpenAI and Google Bard Irish Regulator Slaps $368M Fine on TikTok DPO Newsletter: Data Protection & Privacy News (issue #123) | iubenda The Privacy Pitfalls of Vehicle Data Collection: What You Need to Know | iubenda Twitter customer’s data on the menu for xAI models Update: Revised Swiss Privacy Law Takes Effect Fitbit and the GDPR Hurdle: What You Need to Know About Your Data Privacy | iubenda Terms of Service Template for your site | iubenda Senators Urge FTC to Investigate YouTube and Google for Violating Children's Privacy: What You Need to Google AdSense Requirements: Here's What You Need to Know | iubenda Users can’t opt out from marketing emails: FTC fines Experian $650,000 | iubenda DPO Newsletter: Data Protection & Privacy News (issue #122) | iubenda 7 Ways Business Process Automation Can Increase Your Profits
Transitioning to TCF 2.2: What You Need to Know | iubenda
Jessica Ryder · 2023-05-23 · via Compliance Solutions for Websites, Apps and Organizations | iubenda

To meet evolving data protection requirements and expectations, the Transparency & Consent Framework (TCF) Steering Group has approved updates to the Framework. The latest version, TCF 2.2, introduces significant changes aimed at better meeting regulatory expectations and user needs.

In this article, we provide an overview of the main policies and technical amendments, along with a detailed timeline to assist all stakeholders in implementing TCF 2.2.

  • What’s different with IAB’s Transparency and Consent Framework 2.0 vs. 2.2?
    • TCF v2.2 Main Policy Amendments
    • TCF v2.2 Technical Specifications Updates
  • Implementation Timeline

What’s different with IAB’s Transparency and Consent Framework 2.0 vs. 2.2?

TCF v2.2 Main Policy Amendments (New Policy v. 4.0)

The IAB’s Transparency and Consent Framework (TCF) has undergone significant updates and improvements from version 2.0 to version 2.2. These updates address feedback received on the previous version while aiming to meet the needs of all stakeholders in the digital advertising value chain. Let’s explore the key differences between TCF 2.0 and TCF 2.2:

👉 Legal Basis: In TCF 2.0, Vendors had the option to declare reliance on both consent and legitimate interest as the legal basis for purposes 2 to 10. However, in TCF 2.2, legitimate interest is no longer an acceptable legal basis for purposes 3, 4, 5, and 6. Therefore, for these purposes, Vendors can now only rely on consent.

👉 User-Friendly text: TCF 2.2 introduces improved names, descriptions, and explanations of purposes and features. Instead of complex legal language, users are provided with easy-to-understand explanations and real-life examples, making it simpler for them to understand the implications of their consent.

👉 New purpose 11: Purpose 11 (Use limited data to select content) is intended to cover processing activities such as the selection and delivery of non-advertising content based on real-time data (e.g., information about the page content or non-precise geolocation data), and controlling the frequency or order in which content is presented to a user. It does not cover the creation or use of profiles to select personalized content.

👉 Additional Vendor Information: In TCF 2.2, Vendors are required to provide additional details about how they process data. This information includes: 

  • Categories of data collected
  • Retention periods for each purpose
  • Legitimate interests involved (if applicable)

Users will have access to this information, helping them make more informed decisions about their data.

👉 Transparency of Vendor Numbers: Consent Management Platforms (CMPs) are now obligated to display the total number of Vendors seeking a legal basis on the first screen of their interfaces and the total number of Vendors for each purpose on the secondary layers. This transparency offers users a clear understanding of the entities involved in data processing.

❗ WARNINGPublishers should consider the number of Vendors they work with, and put in place a selection process (Publishers may use the Additional Vendor Information List to facilitate such selection). Providing transparency and helping to establish legal bases within the Framework for an unjustifiably large number of Vendors may impact users’ ability to make informed choices and increase Publisher and vendor legal risk.

Consequently, CMP shall allow the Publisher using its CMP to make choices with respect to each Vendor appearing on its sites or apps and may not impose a list of Vendors.  

Note: The TCF Policies do not impose a maximum number of Vendors for which a Publisher establishes legal bases, as it depends on the nature of the services and content provided by the Publisher as well as its business model, and no objective criteria have been laid down by Data Protection Authorities in that respect.

👉 Specific Requirements to Facilitate Consent Withdrawal: TCF 2.2 emphasizes the importance of user control by requiring Publishers and CMPs to ensure that users can resurface the CMP interface (e.g. from a floating icon or a footer link available on each webpage etc.) and withdraw their consent easily. If the initial consent request presented to users contains a call to action that enables user to consent to all purposes and Vendors in one click (such as “Accept all”), an equivalent call to action should be provided when users resurface the CMP interface as to withdraw consent to all purposes and Vendors in one click (such as “Reject all”).

Do all these changes require re-establishing the legal basis for all users? 

No, the new TCF Policies do not require re-establishing legal bases and therefore do not require CMPs to resurface the interface. TCF v2.2 brings further standardization of the minimum information and choices that should be provided to users over the processing of their personal data. Publishers should review the information they provide in their CMPs interfaces in addition to the minimum standard information required under TCF v2.1, and make a case-by-case determination whether re-establishing legal bases is necessary taking into account their specific needs, the context in which they operate and their local Data Protection Authority’s requirements.

TCF v2.2 Technical Specifications Updates

Apart from the policy amendments, TCF 2.2 also brings about technical specification updates:

  1. Saying goodbye to getTCData: Vendors will now use event Listeners (where applicable) to implement the Framework. It’s a more streamlined and efficient way of doing things.
  2. The GVL version has been bumped up to version 3 to include additional Vendor information:
  • New data fields that provide information about the different categories of data. 
  • Data retention periods for each purpose. 
  • Support for declaring URLs in multiple languages. 

These updates in TCF 2.2 aim to enhance user understanding, improve transparency, and provide clearer guidelines for Vendors, Publishers, and CMPs. The framework seeks to strike a balance between privacy protection and enabling targeted advertising in the evolving digital advertising landscape.

Implementation Timeline

⚠️ Please take note of the following deadlines for implementation:

30 June 2023: Vendors must update their GVL registration with the new required information, including any previously updated information. Use the updated GVL registration portal, which now includes new registration fields for TCF 2.2. If you cannot see your existing data in the portal, clear your cache or log in using a different browser.

  • Vendors that update their GVL registration as per the requirements will be published in the new version of the GVL (v3).
  • Vendors updating their registration will also continue to be published in the current version of the GVL (v2) until the end of the implementation period.
  • The GVL v3 will be published weekly as Vendors update their registrations at https://vendor-list.consensu.org/v3/vendor-list.json. This allows CMPs to test the new format and begin building new user-facing disclosures in line with the Policy requirements. Progressive translation will be made available here.

10 July 2023 (Reminder): CMPs must host their scripts on a domain other than consensu.org subdomains, as specified in the notification.

31 July 2023: Vendors must complete a TCF Compliance Assessment form and submit it through the GVL registration portal as part of the updated TCF Compliance programs.

20 November 2023 (end of implementation period): Both CMPs and Vendors are required to implement the new policies and specifications by this date. Compliance will be verified by IAB Europe as part of their regular monitoring of live installations. CMPs can use the CMP Validator Chrome Extension, which includes all the requirements of TCF 2.2, to ensure compliance.

🚀 Stay tuned for exciting updates on what lies ahead!