IAB TCF (Transparency and Consent Framework).

The Interactive Advertising Bureau Europe's framework for capturing, encoding, and propagating user consent for advertising and analytics data uses under GDPR — controversial, partly invalidated by Belgian DPA in 2022, then revised as TCF v2.2. サイバーセキュリティの プライバシーとデータ保護 カテゴリに属します。

The Interactive Advertising Bureau Europe's framework for capturing, encoding, and propagating user consent for advertising and analytics data uses under GDPR — controversial, partly invalidated by Belgian DPA in 2022, then revised as TCF v2.2.

The Transparency and Consent Framework (TCF) is IAB Europe's industry-wide framework for representing GDPR-compliant consent for advertising and analytics in the open-web ad-tech ecosystem. A Consent Management Platform (CMP) presents the user with the standardized consent UI listing purposes (e.g. 'create profiles to personalise content', 'measure ad performance'), vendor counts, and legitimate-interest claims; the resulting consent string — a base64-encoded structure conforming to the TCF v2.x specification — is passed via the IAB OpenRTB bid request to every SSP, DSP, and ad-tech vendor in the chain, who are expected to honour the encoded purposes and vendor opt-ins. The Belgian Data Protection Authority ruled in February 2022 that the original TCF v2.0 was itself a GDPR violation (insufficient transparency, IAB Europe acting as joint controller for the consent string), kicking off a multi-year remediation that produced TCF v2.2 (May 2023) with cleaner purpose text, mandatory vendor counts, and explicit information sources. A separate IAB Tech Lab US Privacy String (`USP_v1`) handles U.S. state-law signals. From a security/AppSec perspective, the TCF string is a critical input that should be validated and not blindly trusted as user identity.

IAB TCF (Transparency and Consent Framework) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: TCF, Transparency and Consent Framework, IAB TCF v2.2。