Skip to main content

Announcement: Changes to Privacy Manager GDPR for Mobile SDK in Compliance With TCF v2.2 (8/11/23)

In line with the IAB’s recent updates to the Transparency and Consent Framework (TCF v2.2), we have made the necessary changes to our Privacy Manager GDPR for Mobile SDK to ensure compliance.

To assist app developers in completing their apps for approval to Google and Android on time, we have made the latest TCF v2.2 policy changes available in LiveRamp Console two weeks in advance of the enforcement date set by the IAB.

See all the changes we made below to our mobile CMP to provide users with more standardized information and choices regarding the processing of their personal data.

Caution

This update requires LRPrivacyManagerSDK v2.0.0.

Changes in the CMP and Console

Privacy Manager GDPR for Mobile SDK has made the following changes in the CMP and Console to be compliant with TCF v2.2:

  • The legal text on the second layer in the CMP has been removed and replaced by user-friendly descriptions on the Purpose details page - supplemented by examples of real-use cases (illustrations).

  • Purposes and features’ names and descriptions have been updated with new descriptions.

  • In the first and second layers, the CMP UI will disclose the number of third-party Vendors that are seeking consent or pursuing data processing purposes on the basis of their legitimate interests.

  • We have disabled the ability to opt-out of showing "Reject All" button on the second layer in the Privacy Manager to ensure that users can resurface the CMP UIs and withdraw consent easily. See Customize the Look and Feel (GDPR for Mobile) to learn more.

  • Deprecation of the getTCData command and requirement for other vendors on the page to use eventListeners, where applicable. Vendors that have stated they have migrated to TCF v2.2 won’t make use of the deprecated getTCData command. See the list of these vendors here.

  • Vendors and CMPs are required to provide additional information about their data processing operations - so that this information can in turn be disclosed to end-users on the second layer on the Vendor details page.

Important

All consent strings provided before November 20 will still be valid.

Preparing for TCF v2.2

Participants of TCF have until 20 November 2023 to adopt TCF v2.2 and make the necessary changes to their respective implementations.

You don't necessarily need to make any changes in your CMP configuration in LiveRamp Console to be compliant, however, we recommend you do the following to be sure that your implementation is TCF v2.2 compliant:

  • The new TCF v2.2 policies do not require publishers to resurface the CMP to re-establish consent, but you should review the information you provide in your CMP configuration in addition to the information required under TCF v2.1, and make a case-by-case determination as to whether re-establishing consent is necessary in accordance with their local Data Protection Authority’s requirements. 

  • Contact your vendors to make sure they are compliant with TCF v2.2 or check if they are included in the Global Vendor List. Make sure the vendors you are working with are able to provide all the following information:

    • Categories of data collected

    • Retention periods on a per-purpose basis

    • Legitimate interests claim where applicable

  • Make sure you remove all dependencies with the getTCData command if you are using it in your implementation. You can instead add an addEventListener and use its callback function to access the tcData object. To learn more, see API Reference Android SDK (GDPR Mobile) and API Reference iOS SDK (GDPR Mobile).

In this section: