IAB Frameworks

Transcend Consent Management is a registered and certified CMP with the International Advertising Bureau (IAB) and provides support for a number of their consent signaling mechanisms. There are several regional frameworks, including the US Privacy API (USP API), and Transparency and Consent Framework (TCF). These disparate regional frameworks are being consolidated under IAB's latest framework, the Global Privacy Platform (GPP).

Each IAB framework offers a method for ad vendors to check for user preferences such as opt-outs or consent preferences. It is important to understand that the IAB signaling frameworks do not explicitly block or otherwise enforce what ad vendors are able to collect from your webpage. Making a consent string available for advertisers to read does not necessarily mean your ad vendors will read it, or honor it.

If you plan to rely on IAB signals for enforcing user consent instead of directly regulating data collection by blocking tracking data flows or cookies, then it's important that you verify vendors are members of the relevant framework and that they honor user preferences in a way that satisfies your requirements.

Configuration of these frameworks is gated by a toggle in Developer Settings. If you want to start communicating these signals to ad vendors, you need to first go enable the toggle and then configure the individual frameworks.

The toggle which enables IAB Frameworks

The US Privacy signal is officially deprecated. It was replaced by the US National sections of the Global Privacy Platform (GPP). Learn more about configuring GPP with Transcend Consent Management here.

The US Privacy API (USP API) helps signal Do Not Sell or Share opt-out choices from users in California to vendors who support this framework.

As part of the USP API deprecation, Transcend will no longer provide a window.__uspapi() function for ad vendors to self regulate with. If you wish to continue using the USP API signal client side, you will need to first enable GPP for the desired regional experience and then add this function stub that parses the GPP string and returns its USP equivalent:

window.__uspapi = (_, __, cb) =>
  __gpp('getFullString', (data) => cb(data.match(/1[YN-]{3}/)?.[0], true));

Note: The USP API string includes a parameter for whether "Notice/Opportunity to Opt Out" was provided. Transcend Consent Management considers both consent confirmation and UI prompted status as "Notice/Opportunity to Opt Out". If a user chooses to express the Global Privacy Control signal and that signal results in a confirmed opt-out of the sale/sharing of personal information, then the user is considered notified of their opportunity to opt out in your signal to on-page ad vendors.

IAB's TCF Framework helps parties involved in digital advertising, like publishers and their supporting vendors, comply with GDPR and the ePrivacy Directive when processing personal data and/or accessing or storing information on a user's device. When enabled, Transcend can display the framework-specific UI to users in the EU and generate a Transparency and Consent string to encode a user's consent choices. We then expose this string for TCF Registered vendors on the website to ingest and honor.

Learn how to configure the TCF Consent Experience in your Transcend instance through our use case guide.

Recommended Reading:

Using TCF for compliance in Europe comes with more trade-offs than the US Privacy framework, since it requires collecting consent for a different set of purposes in a rigid UI, and gives end-users the ability to specify consent choices at a vendor-level. It is most commonly used by publishers who are providing advertisements on their websites and wish to support passing consent to downstream vendors via the framework. Ultimately the decision to use a framework like TCF depends on your business needs and should be made by evaluating your vendors and desired regulation and UI approach - let us know if you have questions or want to further discuss the pros and cons of various approaches.

Remember that you may have technologies on your sites that do not respect the TC String and can not be regulated by it.

As noted above in Configuration Step 4, we are able to enforce user consent as usual with our automatic blocking approach for scripts and cookies on the site that belong to vendors not registered with the IAB TCF. We do this by translating the TCF purposes into default purposes and then applying them as normal across your data flows and cookies. The only difference is that for a user in a Regional Experience with TCF configured we will allowlist the data flows and cookies belonging to TCF Vendors since they will instead rely on the TC String for consent information.

Ensure you follow our general Consent Management Documentation in addition to this TCF implementation guide to ensure full regulation of all relevant technologies across your site.

The goal of GPP is to harmonize IAB's separate regional consent frameworks, offering a single API at window.__gpp(). Transcend Consent Management currently supports GPP's USP and USNAT strings with its GPP API implementation. Once IAB frameworks have been enabled, navigate to the Regional Experiences tab within Consent Management and check the box in the Enable GPP column for the experiences you want to emit these signals.

The checkboxes which enables GPP for a regional experience

Once these boxes have been checked, another deploy will need to be run before these signals will start populating in the browser environment. Once a deploy has been run, to verify that the signal has been made available, run the following:

window.__gpp('getFullString', 1, (gppString) => {
  console.log(gppString);
});

To learn more about the function interface, see IAB's USP GPP specification. To inspect the IAB provided code that Transcend is working with, see its NPM package page.