IAB Frameworks
Transcend Consent Management is a registered and certified CMP with the International Advertising Bureau (IAB) and provides support for a number of their consent signaling mechanisms. There are several regional frameworks, including the US Privacy API (USP API), and Transparency and Consent Framework (TCF). These disparate regional frameworks are being consolidated under IAB's latest framework, the Global Privacy Platform (GPP).
Each IAB framework offers a method for ad vendors to check for user preferences such as opt-outs or consent preferences. It is important to understand that the IAB signaling frameworks do not explicitly block or otherwise enforce what ad vendors are able to collect from your webpage. Making a consent string available for advertisers to read does not necessarily mean your ad vendors will read it, or honor it.
If you plan to rely on IAB signals for enforcing user consent instead of directly regulating data collection by blocking tracking data flows or cookies, then it's important that you verify vendors are members of the relevant framework and that they honor user preferences in a way that satisfies your requirements.
The US Privacy signal is officially deprecated. It will be replaced by the US State specific sections of the Global Privacy Platform (GPP). Learn more about configuring GPP with Transcend Consent Management here.
The US Privacy API (USP API) helps signal Do Not Sell or Share opt-out choices from users in California to vendors who support this framework.
Enabling the USP API within Transcend will expose an API at window.__uspapi() for on-page vendors to check user opt-outs, in accordance with IAB's USP API specification. To learn more about the function interface, see IAB's USP API specification.
The USP API can be used in conjunction with airgap.js. It is simply an additional signaling layer on top of the consent enforcement functionality of airgap.js.
You can enable the USP API by toggling it on in your Consent Developer Settings.
As part of the USP API setup, you will need to communicate whether you have signed the IAB Multi-State Privacy Agreement (MSPA); this is an updated amendment of the Limited Service Provider Agreement (LSPA). Your response will affect the resulting privacy string that is generated. If you are unsure of your MSPA signatory status, visit the IAB Tech Lab Tools Portal to register or sign the agreement as necessary.
Alternatively, you can configure the USP API directly on your <script> tag by setting the data attributes data-uspapi="on" and data-signed-iab-agreement="yes" (or "no").
You may use the following command to check the privacy string:
window.__uspapi('getUSPData', 1, (uspData, success) => { if (success) { console.log(uspData); } else { console.log(uspData, success); } });
Note: The USP API string includes a parameter for whether "Notice/Opportunity to Opt Out" was provided. Transcend Consent Management considers both consent confirmation and UI prompted status as "Notice/Opportunity to Opt Out". If a user chooses to express the Global Privacy Control signal and that signal results in a confirmed opt-out of the sale/sharing of personal information, then the user is considered notified of their opportunity to opt out in your signal to on-page ad vendors.
IAB's TCF Framework helps parties involved in digital advertising, like publishers and their supporting vendors, comply with GDPR and the ePrivacy Directive when processing personal data and/or accessing or storing information on a user's device. When enabled, Transcend can display the framework-specific UI to users in the EU and generate a Transparency and Consent string to encode a user's consent choices. We then expose this string for TCF Registered vendors on the website to ingest and honor.
Learn how to configure the TCF Consent Experience in your Transcend instance through our use case guide.
Reccomended Reading:
Using TCF for compliance in Europe comes with more tradeoffs than the US Privacy framework, since it requires collecting consent for a different set of purposes in a rigid UI, and gives end-users the ability to specify consent choices at a vendor-level. It is most commonly used by publishers who are providing advertisements on their websites and wish to support passing consent to downstream vendors vendors via the framework. Ultimately the decision to use a framework like TCF depends on your business needs and should be made by evaluating your vendors and desired regulation and UI approach - let us know if you have questions or want to further discuss the pros and cons of various approaches.
Remember that you may have technologies on your sites that do not respect the TC String and can not be regulated by it.
As noted above in Configuration Step 4, we are able to enforce user consent as usual with our automatic blocking approach for scripts and cookies on the site that belong to vendors not registered with the IAB TCF. We do this by translating the TCF purposes into default purposes and then applying them as normal across your data flows and cookies. The only difference is that for a user in a Regional Experience with TCF configured we will allowlist the data flows and cookies belonging to TCF Vendors since they will instead rely on the TC String for consent information.
Ensure you follow our general Consent Management Documentation in addition to this TCF implementation guide to ensure full regulation of all relevant technologies across your site.
The goal of GPP is to harmonize IAB's separate regional consent frameworks, offering a single API at window.__gpp(). Transcend Consent Management supports GPP - this documentation will be updated soon with specific implementation steps. To learn more about the function interface, see IAB's USP GPP specification.