top of page
Search
  • Writer's pictureUPPERATE

Google CMP and IAB TCF V2.2: New Requirements for Publishers

There is no end to Google’s continuous effort to bring out a user-conscious digital ecosystem.

In that sense, Google recently announced new consent requirements for publishers in the EEA and the UK. The new requirement wants publishers to use Google-certified CMP (Consent Management Platform) integrated with IAB’s TCF v2.2 (Transparency and Consent Framework) to serve ads in the EEA and the UK region.

Here’s our blog on Google’s new ad consent requirement for publishers, what it is, what TCF and CMP are, why it is needed, and what you should do next.

Table of Contents [Show]

Google and IAB: A Short Flashback

In 2020, Google integrated its ad systems with IAB’s TCF, the industry standard for user data collection and management. Google did this to support TCF and aid industry efforts in making a standardized consent framework for transparency and control.

Now, what exactly is TCF?

TCF (Transparency and Consent Framework) is an industry-standard that helps publishers and digital advertising stakeholders follow GDPR requirements in user data collection and management.

IAB Europe designed TCF to ensure that users can make clear consent choices about who collects their data, how it is used, and for what purpose. It also helps users control, manage, and change consent preferences.

Here’s our detailed guide on IAB TCF: Transparency and Consent Framework (TCF) – From 1.0 to 2.0.

The players who are involved in the TCF are:

Publishers: The ones at the forefront of collecting data from the users

Vendors: The one who gets data from the publishers to use for showing advertisements, personalization, and improving their products and services

Consent Management Platform: CMP is the platform that helps publishers and vendors collect and store user data along with consent. Also, it makes them use data properly according to the given consent in compliance with privacy laws such as GDPR and CPRA.

CMP is a software solution that helps in consent management whose main roles include the following:

  • Displaying timely consent notices to users to collect data.

  • It collects consent and preferences from users on how their data should be processed.

  • It stores the collected data and enables the publishers and vendors to use it properly with consent by complying with privacy laws.

TCF is a standardized framework for getting user consent and data processing. By integrating with TCF, Google supports the industry standard for a consistent consent experience.

As consumer demand and concern over privacy increase, Google laid out the new consent requirement concerning the IAB TCF v2.2 and wants the publishing industry to follow it, especially if they are working on the EEA and the UK market.

Google’s New CMP TCF Requirement

The new consent requirement by Google wants the publishers – who use Google Adsense, Ad Manager, or AdMob- to use a Google-certified CMP that works with IAB TCF v2.2.

The publisher must work with Google-certified CMP to server ads in the EEA and the UK region. To help publishers with the smooth transition, Google has begun certifying CMPs against the TCF v2.2 criteria and specifications. Soon, it will release the list of Google-certified CMPs on its site.

Google made this move to support consistency in the online advertising consent experience. The publishers can follow the new requirement after Europe’s announcement on the finalization of TCF v2.2.

This move is the continuation of commitment with IAB from 2020. Also, to promote the unified and reliable consent approach for publishers across borders.

What is new in IAB TCF v2.2?

The new version of IAB TCF v2.2 is announced to address the concern the Belgian Data Protection Authority raised about the previous version of TCF, i.e., TCF v1. The concern raised includes

  • Using legitimate interest as the legal basis for processing data for certain purposes (Specifically for personalizing ads and content) without the user’s explicit consent.

  • Vendor information included in the consent message is not enough, and the consent message is not user-friendly enough to understand

  • Users cannot give informed consent if there is insufficient vendor information, such as how many vendors will use the data and who the specific vendors are.

To the critique raised, the IAB made improvements in the TCF v2.2

  • Legitimate interest hereafter cannot be used as a legal basis (without explicit user consent) for using data for personalization purposes. The TCF v2.2 uses explicit consent from users as the legal basis for collecting and using data to show personalized and non-personalized ads.

  • Purpose 11 is added to allow publishers and advertisers to provide users with relevant and engaging content despite the consent received.

*Personalization purpose is one of the 11 purposes defined in the TCF v2.2 glossary. It indicates the purposes for which the user’s data has to be used by vendors in the Global Vendor list (GVL)*.

  • The user-friendly definitions and descriptions will replace the legal text in the CMP UI to aid users in better understanding.

  • Additional vendor information in the CMP UI to increase transparency


    1. Mandatory inclusion of vendor numbers with whom the data is shared in the first layer of CMP UI.

    2. Additional information about the vendors is in the second layer.


  • Easy withdrawal of consent. Users can change, manage, and control their consent and preferences by resurfacing the CMP.

The new versions have made improvements mainly in how the consent message is shown to the users, and the concerned parties should process data for personalization only with explicit consent from users.

To explain the improvements more clearly with images, let us check the consent message of the Didomi CMP (Google-certified CMP), which is written according to the new IAB TCF v2.2 standard.


The consent message in the above figure has user-friendly text and description. It doesn’t show a legitimate interest option and denotes that the data will be used for personalizing ads and content.

It displays how many vendors they work with on the first layer. Behind the anchor text (in the second layer), “ our 18 partners”, the vendor names are listed along with options beside each name “Block” and “Authorize.

The option “ Configure” list the purposes for which the data is used, and user can either consent or opt out of the purpose according to their needs. The message also shows how users can withdraw consent by using consent choices.

Google Is Certifying CMPs

Amid the new requirement, Google has started certifying the CMP used by their publishing partners. It started certification from May 2023 onwards. The certifying process ensures that each CMP can work well with Google products (AdSense, Ad Manager, and AdMob) as the user wants.

Google assures continuous support to TCF publishers and will continue supporting adtech providers not registered with TFC through Additional Consent Specifications. This means publishers can work with non-TFC ad tech providers but must connect directly with their CMP.

In that case, Google checks the CMP compliance with its Additional Consent Specifications. Also, it is important to note that Google does not assess CMPs for full compliance with TCF or other privacy laws.

The CMPs who meet all these criteria will make it to the list of Google-certified CMPs.

Why Do You Need Google Certified CMPs?

There are reasons and benefits for the publishers to use Google-certified CMPs. They are.

Personalized ads: Unless you get your CMP certified by Google, you cannot show your users personalized ads or content. If your CMP is not Google-certified, you can show general ads to the EEA and the UK users.

High revenue: Since you show both personalized and non-personalized ads, you will get a high CPM for your ad space, and eventually, that will increase your revenue. This suits you if you are a publisher getting potential traffic from Europe.

Regulation compliance: If you are a publisher focused on targeted advertising, TCF makes it easier with the standardized framework to work with multiple vendors and reduces the risk of non-compliance.

Gain user trust: With Google-certified CMP that is integrated with IAB TCF v2.2, you give transparency and control to the users they expect. It will help in targeted advertising, and you can easily gain user trust.

What Publishers Have to Do Next?

Publishers should take the next step to find Google-certified CMPs or certify their CMPs

  • The publishers who already work with the CMP should go on discussion with them to attain certification for a smooth transition.

  • The publishers with their CMP must get it certified by registering their interest in completing the certification.

  • For publishers not working with any CMP or not having their CMP, consider selecting one from the Google-certified CMP lists.

  • Publishers who use Google’s Privacy and Messaging GDPR user consent messages are encouraged by Google to select the CMP that best fits them. The GDPR user consent messages available in the privacy and messaging tab are made TCF-compliant by Google to support publishers.


Consistent Consent: Upholding User Trust

As Google has been the light-bearer of creating a user-centered digital ecosystem, it joined hands with the IAB TCF industry standard to experience consent consistency. This initiative helps parties involved, such as publishers, vendors, and CMPs, to serve ads and content in a compliant way. It put all of them on a single page to collect and manage data processing.

So, if you are a publisher who gets traffic from EEA and UK users, search for Google-certified CMPs or get your CMPs certified by Google. Continue to serve personalized and non-personalized ads for your potential traffic in EEA and UK and relish the maximum ad revenue.





3 views0 comments

Comments


bottom of page