1. Knowledge Base
  2. Privacy and Consent

General Data Protection Regulation (GDPR) and Transparency and Consent Framework (TCF)

GDPR

The EU General Data Protection Regulation (GDPR) is a regulation that came into effect back in 2018 as one of the toughest privacy and security laws in the world.

All organizations, regardless of their location, are required to comply with it if they target, collect, or process data related to people in the EU.

In order to collect and process data from your site users, you need to gain their clear consent to do so. The GDPR regulations define consent in the following way:

  • Must be “Freely given, specific, informed and unambiguous.”
  • Requests for consent must be “clearly distinguishable from the other matters” and presented in “clear and plain language.”
  • Data subjects can withdraw previously given consent whenever they want, and you have to honor their decision. You can’t simply change the legal basis of the processing to one of the other justifications.
  • Children under 13 can only give consent with permission from their partners.
  • You need to keep documentary evidence of consent.

Those who do not comply with these regulations may face harsh fines reaching into the tens of millions of euros.

More information about GDPR can be found here

The General Data Protection Regulation (GDPR) in full.

The IAB Europe Transparency and Consent Framework

The Transparency and Consent Framework (TCF) was initiated by the Internet Advertising Bureau Europe to help all parties who display and manage digital advertising to comply with the GDPR regulations and ePrivacy Directive (ePD) when processing personal data and/or accessing and/or storing information on a user’s device.

It allows passing the consent signal from a user to a vendor via the Consent Management Platform (CMP) which aims at showing, in a transparent way, the purpose of data collection and of its processing. 

All site owners, advertisers, and technology partners targeting, collecting, or processing data of people in the EU are required to have a valid CMP present on their site in order to gain and pass users’ consent.

The CMP needs to be IAB approved (list of the IAB-compliant CMPs can be found here).

Venatus will provide you with a CMP free of charge as a part of the integration process.

TCF v. 2.0 

Launched on the 21st August 2019, TCF v2.0 is an update on the previous TCF v.1.1. It provides users and publishers with even better transparency and control. Some of the definitions and descriptions of data processing purposes have been updated providing a greater understanding to users on how their data is used and who has been given the authorization to access it.

All parties targeting, collecting, or processing data of people in the EU are now required to support the new TCF v.2.0 standard. Venatus has partnered with Quantcast, the global leading CMP,  to provide a smooth transition to the new TCF v.2.0.

The deadline for adopting the new TCF v.2.0 is the 30th of September. If you run a 3rd party CMP, please ensure it’s IAB compliant. It is vital that publishers are compliant with TCF 2.0 before the cut off period (from October the 1st, TCF v.1.1 will no longer be valid). A failure to do so may result in your revenue being negatively affected.

CMP

More information can be found on IAB website.