Skip to content

Transparency and Consent Framework (TCF)

agof and IVW, as downstream data processors of INFOnline GmbH, also called downstream vendors, have no access to the Consent Decision of a user in the TCF 2.0 Framework.

This results in the necessity for INFOnline GmbH to query the user's Consent Decision from the TCF 2.0 Framework in the measuring script via the TCF 2.0 API and to transmit it to the measuring system.

For this purpose, the IOLib interprets the consent information persisted in the memory provided for this purpose in accordance with the IAB TCF2.0 specification and transfers it into INFOnline's own consent string notation within the scope of automatic processing.

In the event that an own framework is used or no automatic determination of the TCF 2.0 Consent takes place for other reasons, the Publisher can transmit a Consent String via the use of manual processing.

The technical details for the integration of manual processing are listed under 2.0 Manual Processing.

note

As soon as TCF2.0 compatible Consent Data can be identified according to the IAB TCF2.0 specification, they are always transmitted during automatic processing. A Consent String defined during manual processing will be ignored in this case.

IAB-Vendoren

The following IAB Vendors are included in the current INFOnline Measurement:

Vendor-Nr. Vendor name Activated Purpose
Vendor 730 INFOnline 1, 8
Vendor 785 agof studies 1, 7, 9

Details of the vendors used:

Vendor 730 "INFOnline"

Purpose 1 (activated from 24.11.2021, consent required) (store or retrieve information on a device).
Purpose 8 (enabled, flexible) (measure content performance)

Vendor 785 "agof studies"

Purpose 1 (enabled, consent required) (store or retrieve information on a device). Purpose 7 (enabled, flexible) (Measure ad performance)
Purpose 9 (enabled, flexible) (Use market research to gain insights about the target audience)

Short information on TCF 2.0

The European General Data Protection Regulation (GDPR) defines almost all profile data collected via cookies or mobile ad identifiers as personal data. Anyone who collects visitor data on their web page must inform the user about its use. Especially with modern advertising mechanisms such as RTB/RTA (Real Time Bidding/Advertising), a highly complex chain of different service providers is created that are involved in the processing and enrichment of user data. It must be known at every point and at every time which tracking and targeting processes of a user are permitted - and which must be refrained from. The industry association IAB Europe has developed the "Transparency and Consent Framework" to ensure technical security. The amended version 2.0 was published in September 2019. It was rolled out on 15 August 2020.

In addition to the user, the TCF defines three other categories of actors: vendors, publishers and consent management platforms (CMPs).

  • Vendors are all service providers in the delivery chain who want to process data. They include, for example, website tracking systems, ad servers and adverification providers, demand and sell side platforms (DSPs and SSPs) and data management platforms (DMPs). Vendors must be registered with the TCF and declare the purposes for which they want to process data. With this information, they can be viewed via the so-called Global Vendor List (GVL).

  • Publishers provide content and are in direct contact with consumers.

  • Consent management platforms (CMPs) are specialised service providers that operate the privacy centres and consent screens on the web pages for publishers and advertisers and give the user the opportunity to consent or object. Within the framework of the TCF, they are responsible for providing the user's consent status to the delivery chain.

For the communication between the different parties, the so-called signalling, the TCF defines a standardised nomenclature. For each vendor integrated by a publisher or advertiser on the pages, it is transmitted for the individual processing purposes whether the data processing is permitted and whether the user has made an explicit Opt-out.

In version 2.0, the TCF distinguishes between ten different purposes (Purposes) for the processing of tracking data. These are supplemented by a total of seven additional processing options and purposes that regulate special use cases and their legal basis.

Application ID Purpose Legal basis
Setting cookies 1 Storing and/or retrieving information on a device Consent or not used
Technical targeting 2 Selecting simple ads Consent, legitimate interest or not used
Profile targeting 3 Creating a personalised ad profile Consent, legitimate interest or not used
Technical Targeting 4 Select personalised ads Consent, legitimate interest or not used
Technical Targeting 5 Create a personalised content profile Consent, legitimate interest or not used
Technical targeting 6 Select personalised content Consent, legitimate interest or not used
Tracking and market research 7 Measure ad performance Consent, legitimate interest or not used
Tracking and Market Research 8 Measure Content Performance Consent, legitimate interest or not used
Tracking and Market Research 9 Use market research to gain insights about target groups Consent, legitimate interest or not used
Product Development 10 Develop and improve products Consent, legitimate interest or not used

Table 1: Overview of Purposes

Application ID Purpose Legal basis
Accurate location data and retrieval of device properties for identification 1 Use accurate location data Consent or not used
Use exact location data and query device properties for identification 2 Actively query device properties for identification Consent or not used

Table 2: Overview of Special Features


Last update: April 7, 2022