Skip to main content

Announcement: Privacy Manager GDPR for Web Has Been Updated in Compliance With TCF v2.2 (20/11/23)

In line with the IAB’s recent updates to the Transparency and Consent Framework (TCF v2.2), we have made the necessary changes to our Privacy Manager GDPR for Web to ensure compliance.

See all the changes we made below to our CMP to provide users with more standardized information and choices regarding the processing of their personal data.

Changes in the CMP and Console

Privacy Manager GDPR for Web has made the following changes in the CMP and Console to be compliant with TCF v2.2:

  • The legal text on the second layer in the CMP has been removed and replaced by user-friendly descriptions on the Purpose details page - supplemented by examples of real-use cases (illustrations).

  • Purposes and features’ names and descriptions have been updated with new descriptions.

  • In the first and second layers, the CMP UI will disclose the number of third-party Vendors that are seeking consent or pursuing data processing purposes on the basis of their legitimate interests.

  • We have disabled the ability to opt-out of showing "Reject All" button on the second layer in the Privacy Manager to ensure that users can resurface the CMP UIs and withdraw consent easily. See Customize the Look and Feel (GDPR for Web) to learn more.

  • Deprecation of the getTCData command and requirement for other vendors on the page to use eventListeners, where applicable. Vendors that have stated they have migrated to TCF v2.2 won’t make use of the deprecated getTCData command. See the list of those vendors here.

  • Vendors and CMPs are required to provide additional information about their data processing operations - so that this information can in turn be disclosed to end-users on the second layer on the Vendor details page.

Important

All consent strings provided before November 20 will still be valid.

Preparing for TCF v2.2

You don't need to make any changes in your CMP configuration in LiveRamp Console, however, we recommend you do the following to be sure that your overall implementation is TCF v2.2 compliant:

  • The new TCF v2.2 policies do not require publishers to resurface the CMP to re-establish consent, but you should review the information you provide in your CMP configuration in addition to the information required under TCF v2.1, and make a case-by-case determination as to whether re-establishing consent is necessary in accordance with their local Data Protection Authority’s requirements. 

  • Contact your vendors to make sure they are compliant with TCF v2.2 or check if they are included in the Global Vendor List. Make sure the vendors you are working with are able to provide all the following information:

    • Categories of data collected

    • Retention periods on a per-purpose basis

    • Legitimate interests claim where applicable

  • Make sure you remove all dependencies with the getTCData command if you are using it in your implementation. You can instead add an addEventListener and use its callback function to access the tcData object. To learn more, see API Reference (GDPR for Web).

In this section: