Transparency & Consent Framework and Global Privacy Platform info in tags (TCF/GPP)

Transparency & Consent Framework and Global Privacy Platform info in tags (TCF/GPP)

Privacy law is ever changing and complex - especially as it relates to advertising. If XM's ad tags do not adhere to these privacy laws, ad tags may not be accepted by suppliers or they may run incorrectly, which will result in unhappy clients, or worse: legal issues.  

Different countries and even individual states in the US have varying privacy laws, which have become increasingly more complicated and cumbersome. In an effort to streamline these complexities IAB created The Global Privacy Platform (GPP): a unified standard for communicating user consent and data preferences across multiple legal environments.

WTF is TCF and GPP?

TCF= Transparency & Consent Framework
GPP= IAB’s
Global Privacy Platform

The CliffsNotes

  1. TCF is how advertisers adhere to the EU's GDPR rules and regulations. 
  2. GPP helps implement privacy regulations, including TCF/GDPR.
    1. Eventually TCF/GDPR macro will be removed from the tags, and GPP macros will replace them entirely. Google is keeping both macros in the tags for the foreseeable future, until IAB Europe deprecates the TC string (GDPR macros).
  3. The use of GPP is not required by Google and is just one of multiple methods that publishers can use to support their compliance with US state privacy laws.
  4. TCF is required when advertising in the EU in order to adhere to general data protection regulation (GDPR) laws.

Why should you, as a Crossmedian, care about this?

  1. TCF/GPP causes a code change to the ad tags globally, not just for CM360.  Suppliers may ask YOU about those changes and how to handle them. See the red box below.
  2. This code change goes hand in hand with data privacy laws.
  3. The IAB is working with everyone to make it easier to be compliant with those data privacy law changes, which means less tag adjustments in the future.

If a publisher cannot accept ad tags or sees errors with the ad tags due to the TCF/GPP macros

please instruct them to remove the two lines containing the macros.  The lines are highlighted in the example below:
<ins class='dcmads' style='display:inline-block;width:970px;height:250px'
    data-dcm-placement='N7584.3873949ARIZENT/B32971980.417344437'
    data-dcm-rendering-mode='iframe'
    data-dcm-https-only
    data-dcm-api-frameworks='[APIFRAMEWORKS]'
    data-dcm-omid-partner='[OMIDPARTNER]'
    data-dcm-gdpr-applies='gdpr=${GDPR}'
    data-dcm-gdpr-consent='gdpr_consent=${GDPR_CONSENT_755}'
    data-dcm-addtl-consent='addtl_consent=${ADDTL_CONSENT}'
    data-dcm-gpp='gpp=${GPP_STRING_755}'
    data-dcm-gpp-sid='gpp_sid=${GPP_SID}'
    data-dcm-ltd='false'
    data-dcm-resettable-device-id=''
    data-dcm-app-id=''>
</ins>

Detailed Information

What exactly is GPP (Global Privacy Platform) ?

IAB deprecated the US Privacy String in January 2024, in favor of GPP.

GPP is a standardized framework for storing and passing user privacy consent preferences. It combines protocols and rules to enable websites and advertisers to merge users’ consent preferences from various jurisdictions into a standardized string. GPP’s goal is to make it easier for all parties in the digital advertising ecosphere to comply with regional privacy regulations and for users to more easily understand their options or manage preferences.

Because of the complexities of new privacy laws across the globe, including the GDPR in Europe, PIPEDA in Canada, and multiple US state laws, IAB’s tech lab created GPP to be a unified standard for communicating user consent and data preferences efficiently and consistently across diverse legal environments.

The GPP currently supports the following privacy strings: the IAB Europe TCF, the IAB Canada TCF, the MSPA’s US National string, US states-specific privacy strings for California, Virginia, Utah, Colorado, and Connecticut, and will continue to be expanded.

Multiple styles of frameworks are supported by GPP. Some, like TCF, are considered to be “opt in” where the user must make a selection prior to proceeding in the site or app, whereas others, like MSPA US National, are considered to be “opt out”, where the user triggers the consent layer through an embedded link on the site or app.

The GPP string can be thought of as a list of all individual privacy strings collected from the end user.

What exactly is TCF (Global Privacy Platform) ?

The Transparency and Consent Framework (TCF) was created to help all parties who display and manage digital advertising and develop targeted content, comply with the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) when processing personal data and/or accessing and/or storing information on a user’s device.

The TCF is an accountability tool that relies on standardization to facilitate compliance with certain provisions of the ePrivacy Directive and the GDPR. It applies principles and requirements derived from these two legislations to the specific context of the online industry, taking account of relevant EU-level guidance from the EDPB and national level guidance from Data Protection Authorities.

IAB Europe maintains the Transparency & Consent Framework (TCF) so you can send consent states to ads vendors, such as Google. Google’s integration with TCF allows you to use IAB TCF directly or work with a CMP ( consent management platform) that uses IAB TCF to pass consent signals to Google.

The communication between publishers and vendors must pass through a Consent Management Platform (CMP). A CMP can be operated by anyone, as long as the entity that operates it has completed registration and is approved by IAB Europe.

What is the difference between the TCF and the GPP?

While the TCF focuses on the EU GDPR and the E-Privacy Directive, the GPP helps publishers and vendors address different privacy laws simultaneously by combining consent signals from multiple jurisdictions.

The GPP ID, TCF Vendor ID, and MSPA Signatory ID refer to the same identifier assigned to vendors participating in different frameworks (GPP macros.) When a vendor registers for any of these frameworks, they will always have a GPP ID. This ensures that implementers do not need to maintain separate vendor IDs across multiple frameworks.

AdOps - what you need to know

Unchecking ‘Include TCF/GPP macros’ toggle when downloading tags removes both GDPR and GPP macros from the tags.

    • Related Articles

    • Social platform links to 4th party tracking

      snap: https://businesshelp.snapchat.com/en-US/a/third-party-implement twitter: https://business.twitter.com/en/help/campaign-measurement-and-analytics/doubleclick-measurement.html tiktok: https://ads.tiktok.com/help/article?aid=112157096317738182 ...
    • DV360 rejecting CM360 1x1s as being invalid tags

      You may see DV360 rejecting 1x1 tags, saying that the CM360 tag is invalid, like this: Fake news. It’s not a real rejection. In their own documentation, Google notes “If the creative is a 1x1 and only meant for tracking, you can ignore this ...
    • XM Ad Tag Cheat Sheet

      See below for the type of tags that you'll receive for 4th party partners, depending on the CM360 serving type. IAS, C3 and other partners will only provide you with impression trackers. The only click tracker you will ever receive will be from ...
    • Materials Needed for AdOps Troubleshooting

      Are you in need of AdOps help with your troubleshooting ticket? This guide will help you make sure you have all the materials the AdOps team might ask you to provide. By preparing these items ahead of submitting a ticket, you save time for all teams ...
    • Adding a 4th party vendor or tech partner to DNAV tags

      You need to add a tech partner or study partner to direct or programmatic display, native, audio or video. Here's what you should do. Have a conversation with Nickki before committing to the tech or study partner This is important to do to ensure the ...