IAB TCF (Transparency and Consent Framework)
Was ist IAB TCF (Transparency and Consent Framework)?
IAB TCF (Transparency and Consent Framework)The Interactive Advertising Bureau Europe's framework for capturing, encoding, and propagating user consent for advertising and analytics data uses under GDPR — controversial, partly invalidated by Belgian DPA in 2022, then revised as TCF v2.2.
The Transparency and Consent Framework (TCF) is IAB Europe's industry-wide framework for representing GDPR-compliant consent for advertising and analytics in the open-web ad-tech ecosystem. A Consent Management Platform (CMP) presents the user with the standardized consent UI listing purposes (e.g. 'create profiles to personalise content', 'measure ad performance'), vendor counts, and legitimate-interest claims; the resulting consent string — a base64-encoded structure conforming to the TCF v2.x specification — is passed via the IAB OpenRTB bid request to every SSP, DSP, and ad-tech vendor in the chain, who are expected to honour the encoded purposes and vendor opt-ins. The Belgian Data Protection Authority ruled in February 2022 that the original TCF v2.0 was itself a GDPR violation (insufficient transparency, IAB Europe acting as joint controller for the consent string), kicking off a multi-year remediation that produced TCF v2.2 (May 2023) with cleaner purpose text, mandatory vendor counts, and explicit information sources. A separate IAB Tech Lab US Privacy String (`USP_v1`) handles U.S. state-law signals. From a security/AppSec perspective, the TCF string is a critical input that should be validated and not blindly trusted as user identity.
● Beispiele
- 01
A publisher's CMP shows the TCF v2.2 consent UI to EU visitors, encodes the resulting choice into a TC string, and propagates it via OpenRTB to bidders.
- 02
An ad-tech vendor checks the TCF string on each request and refuses to process the bid request for purposes that the user has not opted into for that vendor.
● Häufige Fragen
Was ist IAB TCF (Transparency and Consent Framework)?
The Interactive Advertising Bureau Europe's framework for capturing, encoding, and propagating user consent for advertising and analytics data uses under GDPR — controversial, partly invalidated by Belgian DPA in 2022, then revised as TCF v2.2. Es gehört zur Kategorie Datenschutz der Cybersicherheit.
Was bedeutet IAB TCF (Transparency and Consent Framework)?
The Interactive Advertising Bureau Europe's framework for capturing, encoding, and propagating user consent for advertising and analytics data uses under GDPR — controversial, partly invalidated by Belgian DPA in 2022, then revised as TCF v2.2.
Wie funktioniert IAB TCF (Transparency and Consent Framework)?
The Transparency and Consent Framework (TCF) is IAB Europe's industry-wide framework for representing GDPR-compliant consent for advertising and analytics in the open-web ad-tech ecosystem. A Consent Management Platform (CMP) presents the user with the standardized consent UI listing purposes (e.g. 'create profiles to personalise content', 'measure ad performance'), vendor counts, and legitimate-interest claims; the resulting consent string — a base64-encoded structure conforming to the TCF v2.x specification — is passed via the IAB OpenRTB bid request to every SSP, DSP, and ad-tech vendor in the chain, who are expected to honour the encoded purposes and vendor opt-ins. The Belgian Data Protection Authority ruled in February 2022 that the original TCF v2.0 was itself a GDPR violation (insufficient transparency, IAB Europe acting as joint controller for the consent string), kicking off a multi-year remediation that produced TCF v2.2 (May 2023) with cleaner purpose text, mandatory vendor counts, and explicit information sources. A separate IAB Tech Lab US Privacy String (`USP_v1`) handles U.S. state-law signals. From a security/AppSec perspective, the TCF string is a critical input that should be validated and not blindly trusted as user identity.
Wie schützt man sich gegen IAB TCF (Transparency and Consent Framework)?
Schutzmaßnahmen gegen IAB TCF (Transparency and Consent Framework) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für IAB TCF (Transparency and Consent Framework)?
Übliche alternative Bezeichnungen: TCF, Transparency and Consent Framework, IAB TCF v2.2.
● Verwandte Begriffe
- privacy№ 233
Consent Management
Prozesse und Werkzeuge zur Erhebung, Dokumentation, Aktualisierung und Durchsetzung von Nutzerzustimmungen für die Verarbeitung personenbezogener Daten und das Setzen von Cookies gemäß Datenschutzrecht.
- privacy№ 494
Global Privacy Control (GPC)
A browser-level signal — an HTTP header and a JavaScript property — by which a user expresses a 'do not sell or share' opt-out, given binding legal force in California (CCPA/CPRA) and Colorado (CPA) regulations.
- compliance№ 488
DSGVO
Datenschutz-Grundverordnung der Europäischen Union, die die Verarbeitung personenbezogener Daten von Personen in der EU und im EWR regelt.
- privacy№ 1263
Drittanbieter-Cookie
Cookie, das von einer anderen Domain als der in der Adresszeile gesetzt wird und historisch zur seitenübergreifenden Verfolgung von Nutzern dient.
- privacy№ 914
Personenbezogene Daten (PII)
Daten, die allein oder in Kombination mit anderen Informationen eine bestimmte Person identifizieren können, z. B. Namen, Identifikatoren oder biometrische Merkmale.
- compliance№ 167
CCPA
California Consumer Privacy Act — US-Datenschutzgesetz des Bundesstaates Kalifornien, das Kalifornierinnen und Kaliforniern Rechte über ihre personenbezogenen Daten gewährt.
● Siehe auch
- № 299Dark Patterns