In response to feedback from the market, as well as evolving case law and guidelines from various national data protection authorities, the IAB implemented the TCF v2.2. That framework aimed to improve the standardization of information presented to users, and give them more control over how their personal data is processed.<\/p>\n\n\n\n
The TCF v2.3, which has a compliance deadline of February 28, 2026, is a smaller update in scope, but continues to evolve the Framework to strengthen transparency and privacy compliance.<\/p>\n\n\n\n
What was new in the IAB Transparency and Consent Framework v2.2 (TCF v2.2)?<\/h2>\n\n\n\n
The Transparency and Consent Framework (TCF) v2.2 was a significant update to the previous version, with policy changes aimed to increase transparency and provide users with more control over their consent choices.<\/p>\n\n\n\n
Removal of legitimate interest<\/h3>\n\n\n\n
With the release of the TCF v2.2, legitimate interest is no longer allowed as a legal basis for data processing operations related to advertising and content personalization. Vendors can now only select explicit consent as an acceptable legal basis for these purposes.<\/p>\n\n\n\n
Improved user interface (UI)<\/h3>\n\n\n\n
The information required in consent management platforms\u2019 (CMP) UI was improved to include user-friendly standard texts, new features of processing, and real use case illustrations to make it easier for users to understand what they\u2019re consenting to and what their options are.<\/p>\n\n\n\n
Easier consent withdrawal<\/h3>\n\n\n\n
Users are better enabled to change their minds about sharing their data with vendors, and to re-access the CMP UI to change or withdraw consent at any time. The process to withdraw consent must be as easy as the process to give it. The practical implications of this are that the CMP UI must be easily accessible to users and not buried on the website where users must hunt to find it.<\/p>\n\n\n\n
More vendor transparency<\/h3>\n\n\n\n
Detailed disclosures about vendors regarding data categories and retention periods were standardized under TCF v2.2 and must be provided to users in the secondary layer of the CMP.<\/p>\n\n\n\n
Enhanced compliance programs<\/h3>\n\n\n\n
New auditing mechanisms and differentiated enforcement procedures were implemented, including proactive auditing of a larger number of randomly selected CMPs and vendors each month. <\/p>\n\n\n\n
In doubt about whether your website is GDPR-compliant? Test it with the free Cookiebot CMP compliance test<\/a>.<\/p>\n\n\n\n The Transparency and Consent Framework (TCF) v2.3 is a smaller update compared to v2.2. However, it's still important, introducing key adjustments to strengthen transparency and privacy compliance.<\/p>\n\n\n\n Vendors can now better determine if they\u2019re allowed to process data under Special Purposes. Starting February 28, 2026, all new or updated consent signals must include the Disclosed Vendors segment. Special Purposes can be processed under Legitimate Interest only, and with no right to object, but vendors must be explicitly disclosed through the CMP. <\/p>\n\n\n\n Until now, this has been handled through less optimal technical solutions, and with the v2.3 update, clarity on vendor disclosures has been improved.<\/p>\n\n\n\n Existing consent signals created before February 28, 2026, without the TCF v2.3 format, will r<\/strong>emain valid until the user updates or renews their consent preferences. There is no requirement to resurface the CMP to all users.<\/p>\n\n\n\n <\/p>\n\n\n CMPs must implement the new policies and specifications of the TCF v2.3 by February 28, 2026. Cookiebot CMP\u2019s IAB integration supports the new IAB framework (TCF v2.3).<\/p>\n\n\n\n Cookiebot CMP integration with the IAB Transparency and Consent Framework v2.3 continues to be an optional supplement to the core consent framework in the Cookiebot CMP solution.<\/p>\n\n\n\n Cookiebot CMP\u00a0integration consists of an extra panel in the consent banner of websites registered with the IAB. The panel is called \"Ad Settings\", and from there, end users can choose between IAB Purposes and Vendors before submitting their consent.<\/p>\n\n\n\n We recommend using the IAB framework integration as a supplement and not a replacement for the regular\u00a0Cookiebot CMP\u00a0solution. This is because IAB\u2019s consent model works through signaling the user\u2019s consent to advertising vendors, whereas\u00a0Cookiebot CMP\u00a0consent model works through blocking non-consented vendors.<\/p>\n\n\n\n This is a key difference because, according to the GDPR, it is the publisher \u2014 i.e., the website owner \u2014 who is liable for all tracking and personal data collection taking place on their domain, including by third parties.<\/p>\n\n\n\n Cookiebot CMP\u00a0eliminates the dependency on the good faith of the vendors and gives true control to the website owner. By using\u00a0Cookiebot CMP\u00a0as an integration in the IAB framework (TCF v2.3), you help to ensure your GDPR compliance.<\/p>\n\n\n\n To ensure that user consents are being honored by advertising vendors, the Cookiebot CMP patented scanning technology monitors all cookies and similar trackers used by vendors on the website and marks them as non-consensual in the scan report.<\/p>\n\n\n\n Read our technical support article here<\/a> to learn more about implementation and technical details of the IAB framework (TCF v2.2 and v2.3) and\u00a0Cookiebot CMP.<\/p>\n\n\n\n Cookiebot CMP also supports the IAB CCPA Compliance Framework<\/a>.<\/p>\n\n\n\n Cookiebot CMP\u00a0is one of the few consent management platforms on the market that supports full privacy compliance with privacy regulations around the world.<\/p>\n\n\n\n Cookiebot CMP's\u00a0unmatched scanning technology finds all cookies and trackers in use on your website, then takes automatic control to block them from firing until users have given their consent, in line with the requirements of the EU\u2019s General Data Protection Regulation and ePrivacy Directive.<\/p>\n\n\n\n Cookiebot CMP\u00a0performs monthly deep scans of your domain to make sure that you always know what tracking technologies are loading on your website as your operations change.<\/p>\n\n\n\n Learn more about website tracking and how to make it compliant<\/a> with requirements of privacy regulations.<\/p>\n\n\n\n Your scan report can be published as a cookie declaration on your website, e.g., as an integrated part of your website\u2019s privacy or cookie policy.<\/p>\n\n\n\n Consent must be renewed regularly. Every 12 months is fairly standard, however, some national data protection guidelines recommend more frequent renewal, like every months. Check your local data protection guidelines, and if you need to comply with regulations in multiple jurisdictions, choose the shortest renewal period as a best practice.<\/p>\n\n\n The Interactive Advertising Bureau Europe \u2014 IAB\u00a0Europe<\/a> \u2014 is a business organization for online advertisers and marketers, that develops and governs industry standards and best practices, conducts research, and provides legal support.<\/p>\n\n\n\n In preparation for the enforcement of the EU law on data protection and privacy, the General Data Protection Regulation (GDPR)<\/a> in May 2018, the IAB Tech Lab developed a framework in collaboration with IAB Europe. That is the IAB Europe Transparency & Consent Framework (TCF)<\/a>.<\/p>\n\n\n\n The TCF establishes a common ground for cooperation among publishers, advertisers, and consent management providers that can help smooth the process of achieving and maintaining GDPR compliance.<\/p>\n\n\n\n The TCF works as a standardized means for communicating the state of user consent between first parties like publishers, third parties like advertisers, and the consent management solution in use on the first party\u2019s website.<\/p>\n\n\n\n The GDPR sets out strict requirements for how the personal data of European residents can be collected, stored, used, and shared.<\/p>\n\n\n\n In order for your consent management to be GDPR-compliant, it must meet specific criteria. All data processing must take place under one of six legal bases: consent, contractual obligation, legal obligation, vital interests, public task, or legitimate interests. When consent is used, it must be obtained before or when data collection and processing begins, and it must be as easy to withdraw consent as it was to give it.<\/p>\n\n\n\n Consent information must also be securely stored and kept updated over time. In the case of an audit or data subject request, you must be able to provide details about what the user consented to, what information they were presented, and when the consent action was taken.<\/p>\n\n\n\n The purpose of the IAB Framework is to create a standardized cooperation between online publishers<\/strong>, advertisers<\/strong>, and the tech companies supplying consent management<\/strong>, when it comes to meeting GDPR requirements for transparency and user consent.<\/p>\n\n\n\n Within the Framework, these three groups are called \u201cpublishers\u201d, \u201cvendors\u201d, and \u201cCMP\u2019s\u201d (consent management providers).<\/p>\n\n\n\n The IAB Framework enables communicating the state of user consent among the publishing and advertising ecosystem of publishers' websites, vendors, and consent management platforms.<\/p>\n\n\n\n In the TCF, publishers select their vendors of choice from a list of those that have enrolled in the TCF. This list is called the Global Vendor List<\/strong>\u00a0or GVL<\/strong>.<\/p>\n\n\n\n In order to participate in the TCF, the vendor has agreed to a set of conditions:<\/p>\n\n\n\n The Global Vendor List is a sort of registry of allowlisted vendors that have committed to the TCF's rules. When a publisher enrols, they select one or more vendors from the Global Vendor List that they want to partner with.<\/p>\n\n\n\n A users' consent status is stored via a first-party cookie in their browser and shared down the TCF's advertisement information chain. Once the user has made their consent choice, these vendors \u2014and no others \u2014 have access to processing the user\u2019s data for relevant disclosed purposes.<\/p>\n\n\n\n\n\n\n\n <\/p>\n\n\n\n\n What changes has the IAB introduced to the Transparency and Consent Framework? On February 2, 2022, the Belgian DPA found the IAB\u2019s Transparency and Consent Framework (TCF) to be noncompliant with several provisions of the GDPR. It required the IAB to present an action plan to implement corrective measures that address the infringements and bring […]<\/p>\n","protected":false},"author":3,"featured_media":12619,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":true,"inline_featured_image":false,"editor_notices":[],"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1176","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"acf":[],"thumbnail_status":false,"thumbnail_url":"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2022\/03\/CB-IAB-TCF-1_1200x630_ffffff.png","_links":{"self":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts\/1176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/comments?post=1176"}],"version-history":[{"count":0,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts\/1176\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/media\/12619"}],"wp:attachment":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/media?parent=1176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/categories?post=1176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/tags?post=1176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}What is new in the IAB Transparency and Consent Framework v2.3 (TCF v2.3)?<\/h2>\n\n\n\n
Disclosed Vendors<\/strong> are a mandatory segment<\/strong> in TCF signals<\/h3>\n\n\n\n
\n Try Cookiebot CMP free for 14 days<\/a>... or forever if you have a small website. <\/h2>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n\n\n
Cookiebot CMP and the new IAB Framework (TCF v2.3)<\/h2>\n\n\n\n
Cookiebot CMP's patented scanning technology supports ongoing privacy compliance<\/h3>\n\n\n\n
![\"Cookieboot](\"\/media\/4333\/consent_en.png?width=500&\")
\n Using Cookiebot CMP is free if you have fewer than 50 subpages (unique URLs). <\/h2>\n
What is the IAB Framework and how does it meet GDPR requirements?<\/h2>\n\n\n\n
What are the GDPR requirements and<\/strong> what do they mean for advertisers?<\/h3>\n\n\n\n
Requirements for compliant consent under the GDPR<\/h3>\n\n\n\n
\n
What is the purpose of the IAB Framework?<\/h3>\n\n\n\n
Publishers, vendors, and CMPs under the IAB TCF<\/h3>\n\n\n\n
\n
<\/li>\n\n\n\nHow\u00a0does the IAB TCF work?<\/h3>\n\n\n\n
\n
The most used solution for compliant use of cookies and online tracking<\/h2>\n <\/div>\n
![\"Pepco\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/pepco_group_logo_340px_01-1.svg?v=1548f22bcec1f087\"\n){kind=logo}
\n <\/div>\n ![\"rural-king\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/rural-king.svg?v=c61b94b055f7f6f1\"\n)
\n <\/div>\n ![\"orbico\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/orbico.svg?v=0c403b5e138f2d8e\"\n)
\n <\/div>\n ![\"credit-exchange\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/credit-exchange.svg?v=6bb93c10d76574f5\"\n)
\n <\/div>\n ![\"canon\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/canon.svg?v=d58e7999bf5b46cc\"\n)
\n <\/div>\n ![\"bauhaus\"](\"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2023\/11\/bauhaus.svg?v=695ed7c488c3a310\"\n)
\n <\/div>\n <\/div>\n <\/div>\n","protected":false},"excerpt":{"rendered":"