IAB TCF v2 compliance
The consentmanager.net CMP is registered with the IAB TCF Policy v2 (see https://iabeurope.eu/tcf-2-0/). The CMP therefore supports features in line with the IAB TCF Policy, the IAB Consent String Specification, the IAB CMP API Specification and other related specifications and policies.
ConsentManager.net IAB Registration Information
|CMP is a service||yes|
Sharing consent via global consent cookies (consensu.org)
As a registered IAB CMP the consentmanger.net CMP is able to create cookies on the global IAB consent Domain consensu.org. Any CMP that is registered with the IAB can create cookies with this context. The benefit of having this common domain is that visitors who move from website A to website B do not need to be asked for consent again. Instead the CMP of website B can simply ready the pre-existing consent of website A through the global cookie domain.
IAB Policy and Design restrictions
The goal of the IAB policy is to ensure that all vendors who receive an IAB consent string are safe to trust that the consent string has been created with a common set of transparency. Therefore all CMP need to follow a certain minimum standard regarding the presentation of the consent layer. The IAB currently requires CMPs to comply with the following minimum design standards to be present (questions answered with "Yes"):
Does the UI show Purposes and Features with their standard names or Stacks?
Can users review the standard legal text?
If the UI includes non-TCF Vendors, are they presented separately?
Is the UI prominently displayed, covering most of the website content?
Is a link to resurface the UI easily accessible?
Is the user able to withdraw their consent as easily as it was to give it?
Does the 1st layer of the UI provide information about the storage and access of information from the user’s device by the publisher and third-party vendors?
Does the 1st layer of the UI provide information about the processing of personal data by the publisher and third party Vendors?
Does the 1st layer of the UI provide an example of personal data processed?
Is there a direct link to the list of third parties in the 1st layer of the UI?
Does the 1st layer of the UI provide information about the Purposes and/or Stacks and Special Features used by third parties?
Is there information about the consequences of consenting or not in the 1st layer of the UI?
Does the 1st layer of the UI provide information about the scope of the consent choice, i.e. global consent, service-specific consent, or group-specific consent?
Does the 1st layer of the UI inform the user that they can withdraw their consent at any time and how to do so?
Does the 1st layer of the UI provide information about third party Vendors processing personal data based on legitimate interest (if any)?
Does the 1st layer of the UI advise the user of their right to object to their personal data being processed on the basis of legitimate interest (if any)?
Are there calls to action in the 1st layer for users to express consent (e.g. 'Accept') and customize their choices (e.g. 'Manage options')?
Does the 2nd layer allow users to make granular and specific opt-in choices with respect to each Special Feature?
Are user choices set to 'off' by default?
If legitimate interest is used by any Vendors as a legal basis, does the information in the 2nd layer specify the nature of processed information and its scope?
If legitimate interest is used by any Vendors as a legal basis, does the 2nd layer allow users to object to the processing of their personal data, per Purpose and per Vendor?
- Calls to action in a Framework UI must not be invisible, illegible, or appear disabled. While calls to action do not need to be identical, to ensure they are clearly visible, they must have matching text treatment (font, font size, font style) and, for the text of each, a minimum contrast ratio of 5 to 1. To the extent that an Initial Layer has more than two calls to action, this policy only applies to the two primary calls to action.
Example of an IAB TCF v2 compliant consent layer
The ConsentManager.net reference implementation (default design and default settings) therefore reflect these design standards. Here is an example how this can look:
How ConsentManager.net deals with the IAB Policy
ConsentManager allows our clients to choose between the settings they need for their business and the settings that are necessary to be compliant with the IAB policy. Therefore we highlight each setting that is relevant for IAB compliance. If one of these settings is deactivated or if a setting is activated that causes the CMP to be non-compliant with the IAB policy, a warning message will appear.
What happens if I use settings that are not compliant with the IAB policy?
If you use settings that are not compliant with the IAB policy, the system will display a warning message in order to inform you about these settings and the consequences. If a non-compliant setting is saved and the CMP is used on a website, the system will perform the following changes compared to IAB policy compliant settings:
__tcfapi()with the standard commands (e.g.
"getTCData") in order to prevent vendors from getting non-compliant consent information.
- The CMP will provide new commands with the prefix
"noncompliant_getTCData") in order to allow clients to be able to retrieve consent information from the CMP.
- The CMP will no longer write the consent information (consent string) into the global cookie domain (consensu.org) but will store it in a cookie on consentmanager.net domain. At the same time, the naming of cookie
"euconsent-v2"will be changed to
It is important to highlight, that your CMP will still continue to function as before and can still be used with tag managers or adblocking/postponing logics and so on. If you and your partners do not rely on the IAB TCF signals, the above mentioned changes will have no effect on your website.
- IAB CMP Validator: https://iabeurope.eu/all-news/iab-europes-cmp-validator-for-the-transparency-consent-framework-tcf/
- IAB TCString Format Specification v2: https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20Consent%20string%20and%20vendor%20list%20formats%20v2.md
- IAB CMP API Specification v2: https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md
- IAB TCF Policy v2: https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/