Schedule a demo
Login to console
IAB logo
  • TCF v2

Missed the August 15th deadline for TCF v2 ? Here’s what you need to do before it's too late.

October 27, 2021 by Amy Arnell

Recently, the IAB Transparency and Consent Framework (TCF) has implemented its version 2, standardising purposes and consent collection across the entire industry. The deadline for switching over to TCF v2 was the 15th August, but the period between now and 30 September (when v1 consent strings will no longer be valid) acts as a type of additional delay in which to replace v1 consents with v2 permissions. So, there is still some time left! How close are you to the finish line? Didomi is here to assist your business in a last-minute switchover, or to give you some final tips on the creation of a TCF v2 compliant consent notice. 





What is TCF v2 ? 

TCF is a standard for collecting and transmitting user consent across the digital advertising industry. It was created in 2018 by the IAB Europe and the IAB Techlab, and defines how consent is transmitted between adtech players, from the publisher to the demand-side. Version 2 of the TCF was implemented on August 15th, and publishers must make sure they are well prepared; TCF v2 is not backwards compatible with TCF v1, and some significant changes must be made to ensure compliance. 


What are the 10 simple steps to ensure TCFv2 compliance? Download the Didomi TCFv2 Checklist to find out!  


Download our checklist


Concerned about what this means for your business? Organise a free 30 min assessment call with a TCF v2 expert at Didomi. 


Schedule a demo

Carry on reading for more information on TCF v2 requirements, or watch the replay of our recent webinar on youtube: 




First layer consent notice requirements 


The collecting, storing and analysing of data via a Consent Management Platform (CMP) is paramount, not only in terms of transparency and user information, but also in terms of monetisation. As of August 15th, both commercial and in-house CMPs must now be registered and pass the IAB’s compliance checks. In order to ensure compliance, changes must be made to all layers of your company’s consent notice. 


Discover our CMP


These are the main changes that must be implemented into the UI first layer : 


Purposes and/or Stacks - 

The first layer must inform users about the Purposes and/or Stacks, as well as special features by both the owner of the website, and also its third parties. Whilst in TCF v1 it was possible to use tooltips or expansion options to show this information, it must be immediately visible in TCF v2. 


UI prominence and calls to action - 

UI needs to be prominently displayed and must cover most of the website content. Calls to action must be included in the first layer of the consent notice, and must allow users to express their consent (e.g. - “accept”, “agree”, “approve”), and also to customise their choices (e.g. - “advanced settings”, “customise choices”, etc.). 


The IAB recommends - but does not require - that the choices be of equal visual importance so as not to influence the user. So, try to avoid having a small "learn more" button and a huge "accept cookies" button, for example, as this is not appreciated by users (nor data protection authorities). Be aware, however, that perfect symmetry between "accept" and "decline" is not required by TCF on this first consent interface.


But, French companies, note that this is different to what is likely to be announced by the CNIL, where both “accept” and “refuse” will have to appear. We will keep you updated on any future CNIL recommendations on our blog, or feel free to contact us for more information - our team would be happy to answer any questions. 


Discover Didomi for Compliance


Other first layer requirements - 

Another first layer requirement is an example of personal data being processed, such as a mention to IP addresses and cookie identifiers in a web banner. It must be clearly indicated that users are able and have the right to modify their consent choices at any time. 


Data processing and legal bases - 

The new version of TCF includes use of legitimate interest as a legal basis for personal data processing. Vendors can be flexible and use either legitimate interest or consent as a legal basis. This leaves the end choice to the publisher, giving them more control. For example, Google uses legitimate interest as a legal basis to process personal data on some purposes. 

To find out more about Google joining the TCF, and what this means for publishers, check out our blog post on this subject here.


Discover Didomi for Publishers


Do you have a question you need answered? Or would you just like some more information on Google and the TCFv2, from Google themselves? Sign up for the Didomi x Google Webinar on December 10th:  

AdOps Ask-Us-Anything: Collecting TCF-compliant consent with Didomi & Google




Personal data processed by third parties - 

Finally, you must indicate that data is stored and accessed from users’ devices by your organisation, and also by the third parties you work with. You need to have a link directly to the list of vendors used, and this must appear on the first layer of your notice. 




UI Second Layer requirements 


That’s all the main points for the first layer, now onto the second layer of the banner, when the user clicks on “learn more”. At Didomi, we call this the “preference view”.


User choices and preference 

This view gives users the option to make more granular choices when it comes to purposes. All purposes must be displayed in this view. Legitimate interest will then be set on “approved” by default - this view will allow users to oppose legitimate interest per purpose. Special features use legitimate interest as a basis, so they will be set as off by default in the Didomi CMP


Discover our CMP



UI Third Layer Requirements 


This layer provides more information about vendors. Users will be able to find information about every privacy policy linked to each vendor, and all purposes that are linked to a specific vendor. 


So, that’s a small introduction on what each layer of a TCF v2 compliant consent notice should look like. The Didomi CMP is registered with and compliant with the TCF v2, and we are here to guide you and help you in your transition process. Please contact us if you’d like to have more information on the subject!


Discover our CMP




Testing before going live 


Finally, before going live, there are a number of things you should test. 


Re-implement the CMP - Obviously, you will need to re-implement the CMP - if you stick with TCF v1, it is very likely that at the end of the quarter your monetisation will go down sharply, as TCF v2 is not backwards compatible with TCF v1. Compliance is key, but Didomi can also aid your company in optimising monetisation.


Double-check how you use purposes on your websites/apps - The IDs of the purposes are changing, so this all needs to be tested before you go live.


Validate with your vendors that they are ready to receive the updated consent string - Didomi is working closely with vendors and publishers to make sure that those vendors, including Google, are receiving the updated consent string.


How can Didomi help? 


By the end of September, the IAB will stop supporting TCF version 1 altogether, and V1 consent strings will not be compatible with V2. The deadline may have already passed, but, don’t worry, it is not too late for a last-minute switchover to TCF v2!


What are the 10 simple steps to ensure TCFv2 compliance? Download the Didomi TCFv2 Checklist to find out!  


Download our checklist


Undecided on whether TCF v2 is necessary for your business? Check out our blog post on why now is the right time to switch. Or, organise a demo with us today, and we will ensure a swift transition to TCF v2 compliance.


Schedule a demo



Related articles