From January 31st, after a number of modifications to the TCF v2, the TCF v2.1 will become the new version of the Transparency and Consent Framework. We have worked hard to allow our clients to set-up their fully TCF v2.1-compliant consent notices on web and AMP, and you can now do it on the Console. So, what are the main changes? How can you now switch to TCF version 2.1 easily? Carry on reading to find out.
Why the need for TCF v2.1?
You might be feeling confused. “TCF v2.1? I thought we’d only recently agreed upon the TCF v2?”. Yes, back in April the IAB announced the release of the TCF v2, a new Transparency and Consent Framework (TCF) that aimed to enforce compliance with privacy regulation by proposing common rules for the processing of personal data or the access and storage of information such as cookies, advertising identifiers, device identifiers and other tracking technologies.
Despite certain delays to deadlines due to the Covid-19 pandemic, companies began to make the transition from TCF v1 to TCF v2, and even Google announced that it would join the standard, incentivizing publishers to make the switch. To help you understand the changes and ensure a smooth transition, we published a TCF v2 transition guide detailing the 10 steps to execute before the deadline.
But, then a small German company named Planet 49 threw a spanner in the works…
What is the Planet 49 case?
Planet 49 is a German online lottery company that used two pre-ticked checkboxes on its login page for the online lottery. Sounds minor, but this sparked fierce debate, as privacy professionals wanted clear answers to three main questions:
Is cookie consent collected through pre-ticked boxes valid?
What type of cookie information should be made available to the user to obtain a valid consent?
Should consent only be collected for cookies used to read or access personal data?
The Court of Justice of the European Union (CJUE) presented a final ruling in which it stated that pre-ticked boxes and the bundling of data collection purposes are forbidden to collect valid consent, regardless of whether they are used to access personal or non-personal data.
Also, users should be informed of the expiration date of cookies, as well as all third-parties reading or setting cookies on the website, before being able to consent.
The CJUE also expressed that "an active behaviour with a clear view" to consent is needed to collect a valid consent, effectively putting an end to using scrolling or continued browsing as a consent mode (for a more detailed report on the Planet 49 case, check out our article dedicated to the subject).
Subsequent to the ruling, the IAB's Transparency and Consent Framework organisation passed an amendment to its policies to support the changes required by the Planet 49 ruling. This is why we now have the TCF 2.1.
What are the main changes of the TCF v2.1?
So, what are the main changes? Here's what the TCF v2.1 guidelines state:
TCF vendors are required to disclose the maximum duration of cookies created on devices
TCF vendors are required to disclose whether non-cookie methods of storage or accessing information are used (like local storage, IndexedDB, etc.).
TCF vendors are required to disclose the full list of information stored on devices with their identifier, duration, domain, type, and purposes.
What do these changes look like in the Didomi Console?
Our team has worked hard to reflect these updated guidelines in our Console, making Didomi's CMP fully compatible with TCF v2.1. Our consent notices fully support TCF v2.1 and disclose information for every vendor. For Didomi clients, changing to the new, updated Transparency & Consent Framework is easily achievable in the Didomi Console.
As can be seen in the above screenshot, the user is given the possibility to set their consent preferences for every partner listed individually. By clicking on the partner name, the user is able to access more information on what it does, what data is being collected, and how the data is used. The type, domain, expiration and purposes are clearly indicated.
How do I achieve new TCF compliance?
Good news! If you are a Didomi client, you do not have to worry. Consent notices for Web and AMP have been automatically updated to support TCF v2.1. There is nothing technical to do on your side.
All that needs to be done is to ensure that, for mobile (Android and iOS) and Unity, you have updated your apps to use the following versions of our SDKs:
Android SDK 1.30.0 (or newer)
iOS SDK 1.42.0 (or newer)
Other than that, you’re done!
To ensure full compliance with the TCF, the TCF integration will be automatically disabled for SDK versions prior to the versions listed above at a later date.
Not a Didomi client, but want to achieve TCF 2.1 compliance?
There’s still time before January 31st to switch over to TCF 2.1. Get in contact with us today to find out how Didomi can ensure a swift and easy transition for your company.
We’d be happy to help!