IAB Frameworks

Transcend Consent provides support for the International Advertising Bureau (IAB) consent signaling mechanisms. There are several regional frameworks, including the US Privacy API (USP API), and Transparency and Consent Framework 2.0 (TCFv2). Soon, these disparate regional frameworks will be consolidated under IAB's latest framework, the Global Privacy Platform (GPP).

Each IAB framework offers a method for the ad vendors installed on your webpage to check for user preferences such as opt-outs or consent preferences. It is important to understand that the IAB signaling frameworks do not explicitly block or otherwise enforce what ad vendors are able to collect from your webpage. Making a consent signal available for advertisers to read does not necessarily mean your ad vendors will read it, or honor it.

If you plan to offer IAB signals to your ad vendors, instead of regulating their data collection via airgap.js, then it's important that you verify that each advertiser installed on your website supports these signaling frameworks, and that they honor user preferences in a way that is satisfactory to you.

IAB USP API (US Privacy API)

The US Privacy API helps signal Do Not Sell or Share opt-out choices from users in California.

Enabling the USP API will expose an API at window.__uspapi() for on-page vendors to check user opt-outs, in accordance with IAB's USP API specification. To learn more about the function interface, see IAB's USP API specification.

The US Privacy API can be used in conjunction with airgap.js. It is simply an additional signaling layer on top of the consent enforcement functionality of airgap.js.

You can enable the USP API in airgap.js by toggling it on in your Consent Developer Settings.

As part of the USP API signal, you will also signal whether you've signed the IAB LSPA. If so, you can check that box. If you've signed the new version, the MSPA, you can still check this box. To push your changes to your website, hit Set Changes Live.

Alternatively, you can configure the USP API directly on your <script> tag by setting the data attributes data-uspapi="on" and data-signed-iab-agreement="yes" (or "no").

You may use the following command to check the privacy string:

window.__uspapi('getUSPData', 1, (uspData, success) => {
  if (success) {
    console.log(uspData);
  } else {
    console.log(uspData, success);
  }
});

Note: The USP API string includes a parameter for whether "Notice/Opportunity to Opt Out" was provided. Transcend Consent considers both consent confirmation and UI prompted status as "Notice/Opportunity to Opt Out". If a user chooses to express the Global Privacy Control signal and that signal results in a confirmed opt-out of the sale/sharing of personal information, then the user is considered notified of their opportunity to opt out in your signal to on-page ad vendors.

IAB TCFv2 (Transparency and Consent Framework)

Using TCFv2 in Europe comes with more tradeoffs, since it requires collecting consent for a different set of purposes, and gives end-users the option to opt in for particular vendors. Thus, it comes with a different consent interface, and is typically used instead of airgap.js. Please reach out to Transcend support to fully configure this, as it may require custom scripts.

You can enable TCFv2 by toggling it on in your Consent Developer Settings where it says "TCF Configuration". The framework is automatically equipped with the most current up-to-date official IAB vendors list which will all be listed on the resulting modal, so you do not have to customize the vendors during setup.

Enabling TCFv2 will expose an API at window.__tcfapi() for on-page vendors to check user consent, in accordance with IAB's TCFv2 specification. To learn more about the function interface, see IAB's USP TCFv2 specification.

You are responsible for building the frontend component such as a CTA (e.g., a button) to show the TCFv2 modal. Additionally, the modal has been designed and developed to be accessible, with factors such as proper ARIA attributes and keyboard navigation support. Once TCFv2 is enabled on a website, the following APIs can be used to trigger the modal display:

• transcendTcf.showModal() can be used to display the modal. It's recommended to use this to invoke the modal through user interaction (e.g. trigger displaying the modal with a button click).
• transcendTcf.autoShowModal() displays the modal only if the user has not given permission, so this can be invoked right away to always display the modal when users who haven't given consent arrive to the website.

Because TCFv2 and airgap.js are not compatible, you will have to disable the latter in experiences where TCFv2 will apply (e.g., GDPR regime). To do so, in Consent Regional Experiences, make the following edits to the GDPR row in the table:

• Change the "UI View State" to "Hidden"
• Change the "Applicable Consent Purposes" to be empty

IAB GPP (Global Privacy Platform)

The goal of GPP is to harmonize IAB's disparate regional consent frameworks, offering a single API at window.__gpp(). As this API matures and vendors adopt it, Transcend expects to add support for this new API in 2023. To learn more about the function interface, see IAB's USP GPP specification.