TCF 2.2 Launches! All You Need To Know

TCF 2.2 Launches! All You Need To Know

Om te voldoen aan de eisen van zowel de ePrivacy-richtlijn als de AVG, heeft de Transparency & Consent Framework (TCF) Steering Group van IAB Europa aanpassingen aan het Framework goedgekeurd. De TCF-werkgroepen hebben intensief gewerkt aan het standaardiseren van de informatie en keuzes die aan gebruikers moeten worden geboden met betrekking tot de verwerking van hun persoonlijke gegevens. Evenals de manier waarop deze keuzes moeten worden vastgelegd, gecommuniceerd en gerespecteerd.

Met de ontwikkelingen in de jurisprudentie en richtlijnen van de Data Protection Authorities (DPAs) worden er steeds hogere eisen gesteld aan partijen op het gebied van gegevensbescherming. De nieuwste versie van het Transparency & Consent Framework, TCF v2.2, brengt belangrijke veranderingen met zich mee en om beter te voldoen aan de verwachtingen van regelgevers en de behoeften van eindgebruikers.

Op 16 mei 2023 werd TCF 2.2 van IAB Europa officieel gelanceerd. Het onderstaande artikel biedt een overzicht van de belangrijkste beleids- en technische wijzigingen die zijn doorgevoerd. Tevens een gedetailleerde tijdlijn om alle belanghebbenden te ondersteunen bij de implementatie van TCF 2.2.

ARTICLE IAB EUROPE

TCF v2.2 Main Policy Amendments

Removal of the legitimate interest legal basis for advertising & content personalisation: within the scope of the TCF, Vendors will only be able to select consent as an acceptable legal basis for purposes 3, 4, 5 and 6 at registration level; Improvements to the information provided to end-users: the purposes and features’ names and descriptions have changed. The legal text has been removed and replaced by user-friendly descriptions – supplemented by examples of real-use cases (illustrations); Standardisation of additional information about Vendors: Vendors will be required to provide additional information about their data processing operations – so that this information can in turn be disclosed to end-users; Categories of data collected Retention periods on a per-purpose basis Legitimate interest(s) at stake – where applicable Transparency over the number of Vendors: CMPs will be required to disclose the total number of Vendors seeking to establish a legal basis on the first layer of their UIs; Specific requirements to facilitate users’ withdrawal of consent: Publishers and CMPs will need to ensure that users can resurface the CMP UIs and withdraw consent easily. 

Please consult the relevant sections of the updated Policies for further details and IAB Europe’s blogpost here.

TCF v2.2 Technical Specifications Updates

With a view to implementing these policy changes, IAB Tech Lab has updated the technical specifications for the Transparency & Consent Framework. These changes include:

Deprecation of the getTCData and requirement for Vendors to use eventListeners, where applicable Updates to the GVL: the version will be incremented to 3 and the GVL will include additional data: new fields for taxonomy of categories of data inclusion of data retention periods per purpose support for multiple languages URL declaration

Please consult the updated Technical Specifications for further details and IAB Tech Lab’s blogpost here.

The Javascript Library that supports TCF participants’ implementation is also being updated to accommodate TCF v2.2 here.

Implementation Timeline

Please note the following deadlines:

30 June 2023

Deadline for Vendors to update their GVL registration with the new required information (as well as any other required information they failed to update previously). They can do so by logging-in to the GVL registration portal here that has been updated with new registration fields for TCF v2.2. If you don’t see your existing data in the portal, clear your cache or log-in using a different browser.

Only Vendors that update their GVL registration according to the requirements will be published in the new version of the GVL (v3).

Vendors updating their registration will also continue to be published in the current version of the GVL (v2) that will continue to run until the end of the implementation period.

The GVL v3 will start being published weekly as Vendors update their registrations at https://vendor-list.consensu.org/v3/vendor-list.json, to enable CMPs to test the new format, and to start building new user-facing disclosures in line with the requirements of the Policies. Translation will be made available progressively here.

10 July 2023 (Reminder)

Deadline for CMPs to host their scripts on a domain other than consensu.org subdomains as per the notification here.

31 July 2023

Deadline for Vendors to complete a TCF Compliance Assessment form and submit it through the GVL registration portal as part of the updated TCF Compliance programmes described here

30 September 2023 – end of implementation period

CMPs are required to implement the new policies and specifications by 30 September 2023. CMP Framework UIs will not need to apply for re-validation. Compliance with the new requirements will, however, be verified as part of IAB Europe’s regular monitoring of CMPs’ live installations as of the implementation deadline. To support CMPs in their developments, IAB Europe has released a new CMP Validator Chrome Extension available here that includes all requirements of TCF v2.2. 

Vendors are required to implement the new policies and specifications by 30 September 2023. Similar to CMPs, compliance with the new requirements will be verified as part of IAB Europe’s regular monitoring of Vendors’ live installations as of the implementation deadline.

Please visit the TCF section of IAB Europe’s website for more information or read the FAQs document here. Dedicated webinars will be organised at the beginning of June for each category of participants – Publishers, CMPs and Vendors. 

Gerelateerde artikelen