top of page

IAB Privacy Framework to IAB Privacy Framework v2.0- Making Data Safe Again

The Transparency and Consent Framework was launched in 2018 and is the global cross-industry effort to help publishers, technology vendors, agencies and advertisers meet the transparency and user choice requirements under the General Data Protection Regulation (GDPR).

The Framework is supported by the IAB, 4A's, IAB Tech Lab, IAB Tech Lab Data Transparency Lab, IAB Europe, IAB Advisory Committee, and the European Interactive Digital Advertising (MEDIA) Alliance.

The General Data Protection Act (GDPR) was implemented by the EU on May 25, 2018. The GDPR is a fact, and one of the main elements of the regulation is consent. In theory, this sounds great, but how do publishers get consent from their audience?

The IAB Privacy Framework has been created to offer flexibility to comply with the law and provide a means of transmitting signals of consent from a user to third-party vendors working with publishers.

Let’s discuss what the IAB Framework is, how it works, and what's new in IAB TCF 2.0 to help users get the consent they need.

The General Data Protection Regulation (GDPR) sets the rules for EU citizens’ data collected by businesses and organizations.

The GDPR is designed to give people more control over their data and organizations more clarity on how they can use it. This new regulation raises the bar for all businesses, publishers and brands are no exception. Rules for consent, data portability, and breach notification are just some of the new obligations that organizations face under the GDPR.

IAB Privacy Framework was launched in 2018 and subsequently on May 1, 2020, IAB Launch TCF 2.0 consent string (Transparency and Consent Framework Version). How Does IAB Privacy Framework work?

IAB Europe has launched a new framework to help make online advertising more relevant and better for users. The Framework comprises two parts - a technical specification and a policy component.

The technical specification is an open-source technical specification managed by the IAB Tech Lab. The policy component, on the other hand, is managed by IAB Europe.

The policy component is managed by IAB Europe. The framework is designed to improve the transparency, user experience, and data handling in the digital advertising space.

The framework will let users opt-out of personalized ads and also sets standards for data collection and transparency. For data collection, the Framework requires the use of unique identifiers for ad requests and other data. A unique identifier is defined as a number, not as a specific person or user. This makes the users' information anonymous.

The Framework also requires that consumers be provided with the option to opt out of sharing their data with third parties.

The IAB Framework is designed to standardize the collection of data and take the consent of user choice and transparency, to keep all the data aligned under GDPR guidelines.

Ensures making the data available across the advertising channels. To facilitate adherence to the Framework policy defines a standard of privacy for organizations to comply with the law.

What’s New with the TCF 2.0?

Last year the IAB released the new Transparency & Consent Framework (TCF) 2.0. The IAB framework has already been adopted by hundreds of vendors, enabling users to give and withhold consent, and to object to their data being processed.

Consent is now more granular for users, who have gained more control over whether Vendors are allowed to use their personal data.

It enhances the user credibility, to withhold, and nullify consent of their data being processed.

Users can define and put limitations on whether vendors are allowed to process their personal data or not.

In this blog, we will look at the new features of the framework, including:

#1. The Framework is now called TCF 2.0

#2. TCF 2.0 works with Adzapier

#3. IAB Framework | the GDPR-Compliant Native Advertising Platform

#4. How to participate in Framework?

The Framework is now called TCF 2.0

TCF 2.0 ensures compliance with the EU’s GDPR and EPrivacy Directive and helps organizations to comply with the new data protection law.

Ideally, TCF is created to lay a path in-between publishers, ad-tech vendors, and agencies, to continue display advertising within GDPR guidelines.

TCF 2.0 framework helps publishers to keep track of whether the consent was collected for targeting and works as a safety bridge where organizations can interact with the visitors and make them aware of what data is being collected, and how they have gone use it.

New publisher update allows them to restrict the purpose for vendors to restrict personal data on a publishers’ website.

TCF 2.0 Works with Adzapier

Adzapier makes IAB integrations simple by providing a privacy drop-down on the menu bar.

It’s just 2 clicks away to land into your IAB Vendor dashboard, click on “Privacy”> Click on “Vendors” - Active and disable vendors right from there.

Adzapier Consent Solutions give true control of publishers' and brands' signal and make you aware of vendors' compliance with GDPR or not.

TCF 2.0 also enhances consumers’ controls and exercises their “right to object” to data being processed. This means that the consumer has the right to deny the use of data at any point of the data being processed.

Consumers have more control by defining how vendors can work with certain features of data processing. Ex- use of precise geolocation.

Cookie Scan Feature runs a monthly scan of your domain to ensure that you are always aware of what third-party cookies and data are on your website...

IAB Framework | the GDPR-Compliant Advertising Platform

The Interactive Advertising Bureau is an association of online advertisers and marketing agencies. IAB Europe is a standard-setting entity that supports transparency and ethics across the industry. It is an advocate that keeps all stakeholders up to date with the latest industry regulations and best practices.

GDPR-compliant IAB framework is an open-source project that is a flexible and extensible consent management platform, which enables publishers and brands to work with advertisers and third-party vendors.

The IAB Framework establishes a common ground of cooperation between publishers, brands, advertisers, and consent management providers that makes it easy to comply with the requirements of the GDPR.

How can Vendors participate in Framework?

IAB Privacy Framework, where publishers and brands can select the vendor of their choice from a list of the vendors, that has been part of the Framework. -The list is also known as Global Vendor List.

Vendors need to be agreed on 2 major conditions, to participate In the Framework.

1- Vendor needs to update their existing codes and make sure cookies are not extracted unless they get consent from CMP, or they have a certain legal basis to enable cookies.

2- Ensure that no personal data is being processed further until they get Consent from CMP.

Further, publishers enroll in the IAB Framework, can opt for their vendors from (GVL) Global Vendor List, and partner with them.

After making their choice, the selected vendors have permission to access user data for a certain purpose.

Do you, or do you not required IAB TCF v2?

Being GDPR compliant does not make you IAB TCF v2 compliant. IAB TCF v2 was built to streamline the process and enhance the transparency between audience and business. The framework also assists businesses that manage display advertising and work around the content to be GDPR compliant.

IAB TCF is not the best fit for all, but there are some segments to consider before adopting IAB TCF v2:

You need to be TCF v2 Compliant if: -

  1. Use Cookies IDs-Business that monetize inventory based on PII (Personal Identifiable Numbers).

  2. Businesses who transit consent to vendors, many of them would be IAB TCF v2 Vendors, which will require TCF string. TCF string- It is a coded string that contains all the relevant information regarding the audience consent choice. It helps to identify the consent and for what purpose they are authorized to use the data.

  3. Business who doesn’t want to create a custom method for transmitting consent language, rather than want to adopt the industry-standard language to pass-on the consent.

You don’t need to be TCF v2 Compliant if: -

  1. Business whos’ revenue model is not inflicted by TCF adoption, either they don’t monetize data based on PII.

  2. Businesses who are willing to set up their custom integration with their on-site/in-app vendors and want to work outside of TCF policy.

  3. Business having their integration and does not require to transmit consent from site/app visitors to third-party vendors.


Your website visitors have a right to know that you're recording their consent and what you'll do with it. You must protect that consent and delete it when it's no longer necessary. Every brand, publisher, and advertiser is wise to consider this now!

We provide a solution for collecting and recording each visitor's consent and what you do with it. By adding one line of JavaScript to your website, you instantly become compliant with the GDPR, as well as the data privacy laws.

*Any information obtained from the Adzapier website, services, platform, tools, or comments, whether oral or written, does not constitute legal or regulatory advice. If legal assistance is required, users should seek legal advice from an attorney, a lawyer, or a law firm.*

bottom of page