Bird's Eye View

TCF 2.0: Just another privacy update or are wider implications pending?

Back in August, TCF 2.0, the latest iteration of the transparency and consent framework from IAB Europe was released, but you’d be forgiven for not having noticed. Despite having been in the works for the best part of a year and receiving input from a lot of the ad tech world, TCF 2.0 doesn’t seem to have been met with the same uncertainty and trepidation as the likes of GDPR and other e-privacy directives. But why?

Originally announced back in August 2019, maybe the lack of clarity on punishment for non-compliance and ambiguity on deadlines for enforcement meant that board-level discussion hadn’t been triggered in the same way as GDPR. Perhaps the uncertainty and instability that comes with a global pandemic have drawn attention away from the matter. Either way, this update doesn’t seem to have landed with the same impact, and with a number of advertisers still not having fully compliant websites it doesn’t show any initial signs of change. Only this week are we starting to see moves from the ad world, and most noticeably of all, from Google.

Google has now added a compulsory snippet of code to all ad server tracking tags that will check a publisher’s CMP  for the level of cookie acceptance of a user, before making the call to the ad server to serve the designated ad. This obviously places a lot of pressure on publishers to make sure they have a fully functioning CMP that allows the pass back of that information. Despite no official comment from Google, it’s hard to imagine that there wouldn’t be a consequence of that data not being retrievable.  On the other side of the fence, publishers (and specifically DSPs) are now starting to make changes as well.  Most have been subtle, however, Crimtan have explicitly called out changes that need to be made to pixels on clients’ sites to allow for the pass back of opt-in data and Quantcast won’t work with advertisers who don’t gain opted-in consent.

This is a sign of things to come for advertisers. Currently, the responsibility to ensure compliance sits with the advertiser and if they chose to have no CMP they can still run activity without restriction. Despite being the ones taking full legal responsibility it’s likely that the optional nature of the current situation will change, and market-leading platforms will demand a CMP in order to run campaigns. Whilst there is still some debate over the optimal timing to switch CMP settings from auto-opt into auto opt-out there can be no dispute that you should have an EU compliant CMP in place across your site.

At The Kite Factory, we have been encouraging and helping clients (with non-legal advice) to get their CMP strategy into a good place ahead of the ongoing changes such as these in the industry. We have a close eye on the developments in the ad tech sector and will be working very closely with clients and platform partners to ensure that we are at the forefront of compliance whilst minimising impact on performance.

If you would like to find out more about how we approach this area, please  get in touch.