The coming months will revolve around new specifications by IAB Europe for TCF V2.2 in response to the Belgian Data Protection Authority and Google’s additional certification for CMPs when serving ads to users in the European Economic Area or the UK.
Publishers that use Google AdSense, Ad Manager, or AdMob for advertising will still be able to use Complianz, as we’re both complying with TCF V2.2 and received Google’s CMP certification. Later this year, Google will start rolling out stricter requirements.
New IAB TCF requirement
The Belgian Data Protection Authority decision IAB to revise the current TCF version on two major flaws, in general terms: Firstly, the information provided through the user interface to the end-user was too vague to understand the scope and usage of data processing. Secondly, the use of legal basis “Legitimate Interest” will not be allowed.
We’re currently working on TCF V2.2 and see a significant improvement for end-users in understanding and getting control of the information provided. This will be live somewhere in September, as per IAB’s wishes. Google has an additional CMP certification on top of the required TCF V2.2.
What Changes in Complianz?
In our latest update we have conformed to TCF V2.2, which is subsequently the version of Complianz that has been certified by Google for upcoming guidelines. So what are the significant changes?
In general, after the update you will default to the new version of TCF including conforming to the guidelines, so you’re doing fine. But there are some changes you might want to check.
NB. the changes do not all appear in 6.0, although conforming to the guidelines, the full switch will be in 7.0 just a couple of weeks later.
- The deny button is now enforced on the TCF banner. It should appear on the banner after the update. You should style it the same as the accept button. It now inherits the same properties as our ‘normal’ consent banner as it conforms to the GDPR. If you want to remove the deny button, you can use CSS:
.cmplz-deny {display:none;}
- Manage Consent Tab – the revoke option in the bottom corner is now more visible. There are alternatives, for example a floating widget, a link to your cookie policy in the footer or using a link which triggers the banner. You can always opt to shorten the wording to ‘Privacy’. As long as the button is visible for all users.
- Google CMP Certification – in effect at the end of January 2024, Complianz has been certified and added the additional necessary requirements by default.
- Vendors are plenty, and it is finally addressed by making sure publishers do control the amount of vendors they add to the network. Some CMPs offer an in-depth list of all vendors, but Complianz offers a couple of privacy related questions in the wizard to control the vendors on your terms, based on privacy.
- There’s a new variant (by default) where you use non-TCF vendors when choosing Google’s Advertising Products, and additional consent string. If you do not use any Google Advertising Products you can (or should) remove them in the wizard, under services.
Google CMP Certification
We expect Google to work towards a more uniform approach for CMPs and will include an Additional Consent Mode, whereby non-TCF vendors can still be used for advertising purposes.
Timeline
- May 2023 and onward: Google has begun certifying CMPs that work with our publishing partners. Google will work with CMPs to certify them against the certification criteria. Complianz has received CMP certification on July 14th.
- January 2024: In addition to our EU user consent policy, publishers and developers using Google AdSense, Ad Manager, or AdMob will be required to use a Consent Management Platform (CMP) that has been certified by Google and has integrated with the IAB’s Transparency and Consent Framework (TCF) when serving ads to users in the European Economic Area or the UK.
