Guidelines and Updates for TCF 2.0 Readiness
The IAB Europe Transparency & Consent Framework (TCF) gives the publishing and advertising industries a common structure to communicate consumer consent, for the delivery of online advertising and content in compliance with the EU’s GDPR and ePrivacy Directive. On August 21, 2019, IAB Europe launched the second iteration of TCF.
Important milestone dates:
- IAB Europe wants the industry to transition to TCF 2.0 by the end of Q2 2020.
- PubMatic will be ready to support TCF 2.0 from April 30, 2020.
- PubMatic will continue to support both v1.1 and v2 signals until all major DSPs support TCF 2.0.
What do you need to do?
- Define your legal basis for each of the purposes and make sure that you are listed into the IAB TCF v2 vendor list with a proper ID.
- Work with your CMPs to update your TCF version from 1.1 to 2.0.
To learn more:
- Transparency and Consent Framework (TCF) 2.0 FAQs
- IAB Europe Transparency and Consent Framework
- TCF v2.0 Fact Sheet – Vendors
- TCF v2.0 Recorded webinar - CMP & Vendors
If you have questions or need more assistant, contact your Customer Success representative.
This document explains how the RTB platform implements the General Data Protection Regulation (GDPR) and how to enable the GDPR compliance for different partners.
So far, few Personal Identifiable Information (PII) fields such as user location, IP, age, etc. are being used to deliver targeted ads to users. GDPR regulates the use of such PII fields when the user does not give consent to Ad vendors.
GDPR Impact in the RTB Platform
When the request from a page is a GDPR-regulated impression and the user does not give consent to PubMatic, then all such PII fields are cleared before performing deals and RTB requests. The GDPR-regulated impressions without user consent to PubMatic impact the following areas:
- Real Time Bidding
PubMatic does not send any PII fields through bid requests to a demand partner.
- PMP Deals
PubMatic does not evaluate any deals that are targeted on such PII fields.
- User matching
Cookies will not be shared with demand partners for matching with the user id.
- Audience Matching
Audience data will not be collected from data providers for any users that do not give consent to PubMatic. PubMatic does not use any PII fields that are already collected if the user does not give consent to PubMatic. Additionally, those fields will be deleted after 30 days automatically if the user continues to opt out of PubMatic.
GDPR Compliance for Publishers
By default, the GDPR compliance is applied to all requests coming from EU-region publishers. Publishers should get the consent from the user to PubMatic along with other vendors.
In all requests from a Publisher where there is no consent, PubMatic performs the ad serving as if the user has opted out of PubMatic; Publisher can also opt to get pass-back/blank ad in such case.
A Publisher level control is provided to specify the Publisher’s choice.
GDPR Compliance for DSPs
By default, the GDPR compliance is applied to all requests coming from the EU region. A DSP can opt for checking their consent and send the RTB requests only when they have the consent. They can also opt to receive all GDPR-regulated impressions if they are already compliant and can handle such requests on their side.
A campaign level control is provided to specify the DSP choice.
PubMatic sends the following GDPR consent information through RTB request to DSP:
gdpr=1 denoting that the impression is a GDPR regulated information
consent="consent data" - the consent information as received from the publisher page
How to Get Support
For any support related to GDPR implementation in the RTB platform please contact the technical support team at PubMatic.