TCF= Transparency & Consent Framework
GPP= IAB’s Global Privacy Platform
- TCF is how advertisers adhere to the EU's GDPR rules and regulations.
- GPP helps implement privacy regulations, including TCF/GDPR.
- Eventually TCF/GDPR macro will be removed from the tags, and GPP macros will replace them entirely. Google is keeping both macros in the tags for the foreseeable future, until IAB Europe deprecates the TC string (GDPR macros).
- The use of GPP is not required by Google and is just one of multiple methods that publishers can use to support their compliance with US state privacy laws.
- TCF is required when advertising in the EU in order to adhere to general data protection regulation (GDPR) laws.
IAB deprecated the US Privacy String in January 2024, in favor of GPP.GPP is a standardized framework for storing and passing user privacy consent preferences. It combines protocols and rules to enable websites and advertisers to merge users’ consent preferences from various jurisdictions into a standardized string. GPP’s goal is to make it easier for all parties in the digital advertising ecosphere to comply with regional privacy regulations and for users to more easily understand their options or manage preferences.Because of the complexities of new privacy laws across the globe, including the GDPR in Europe, PIPEDA in Canada, and multiple US state laws, IAB’s tech lab created GPP to be a unified standard for communicating user consent and data preferences efficiently and consistently across diverse legal environments.The GPP currently supports the following privacy strings: the IAB Europe TCF, the IAB Canada TCF, the MSPA’s US National string, US states-specific privacy strings for California, Virginia, Utah, Colorado, and Connecticut, and will continue to be expanded.Multiple styles of frameworks are supported by GPP. Some, like TCF, are considered to be “opt in” where the user must make a selection prior to proceeding in the site or app, whereas others, like MSPA US National, are considered to be “opt out”, where the user triggers the consent layer through an embedded link on the site or app.The GPP string can be thought of as a list of all individual privacy strings collected from the end user.
The Transparency and Consent Framework (TCF) was created to help all parties who display and manage digital advertising and develop targeted content, comply with the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) when processing personal data and/or accessing and/or storing information on a user’s device.The TCF is an accountability tool that relies on standardization to facilitate compliance with certain provisions of the ePrivacy Directive and the GDPR. It applies principles and requirements derived from these two legislations to the specific context of the online industry, taking account of relevant EU-level guidance from the EDPB and national level guidance from Data Protection Authorities.IAB Europe maintains the Transparency & Consent Framework (TCF) so you can send consent states to ads vendors, such as Google. Google’s integration with TCF allows you to use IAB TCF directly or work with a CMP ( consent management platform) that uses IAB TCF to pass consent signals to Google.The communication between publishers and vendors must pass through a Consent Management Platform (CMP). A CMP can be operated by anyone, as long as the entity that operates it has completed registration and is approved by IAB Europe.
While the TCF focuses on the EU GDPR and the E-Privacy Directive, the GPP helps publishers and vendors address different privacy laws simultaneously by combining consent signals from multiple jurisdictions.The GPP ID, TCF Vendor ID, and MSPA Signatory ID refer to the same identifier assigned to vendors participating in different frameworks (GPP macros.) When a vendor registers for any of these frameworks, they will always have a GPP ID. This ensures that implementers do not need to maintain separate vendor IDs across multiple frameworks.