Documentation

Table of Contents

How to Enable the IAB Transparency and Consent Framework in the Cookie Solution

What’s the IAB Transparency and Consent Framework (TCF)?

The IAB Europe Transparency and Consent Framework is an initiative of IAB Tech Lab — a non-profit organization made up of digital publishers, ad-tech companies, marketers, and other companies involved in interactive marketing. The board is made up of some pretty well-known brands such as Google, AppNexus, LinkedIn, Microsoft and others.

This Framework and the associated Consent Management Provider API was developed as a way to “give the publishing and advertising industries a common language with which to communicate consumer consent for the delivery of relevant online advertising and content”.

It’s made up of an ever-growing list of publishers and advertisers that have agreed to be bound by its standards and use the framework to facilitate user choice via a convenient, easy to use interface.

The framework is, ideally, meant for first-party publishers who work with third-party advertisers (i.e publishers who run ads on their website). It’s actually highly recommended that you enable this feature if you fall within this category as some advertising networks may limit access to their network if not implemented, which could, in turn, potentially decrease your ad revenue.

If you run ads on your website it’s highly recommended that you enable this feature: some advertising networks may limit access to their network if not implemented, which could, in turn, potentially decrease your ad revenue.

How it works

Vendors that register on the Global Vendor & CMP List (List) are assigned a vendor ID which allows them to retrieve and interpret user consent preferences in regards to their and other vendors’ services. The actual framework standardizes the process of getting users’ consent and allows for the seamless signaling of users’ consent preferences across the advertising supply chain.

In the middle, helping to facilitate this process are the companies operating as Consent Management Providers (CMPs). CMPs can read and/or set a user’s consent status for the vendors, and make this information available to vendors that publishers choose to work with. In regards to the Cookie Solution, iubenda operates as the CMP; once the feature is enabled, we facilitate this process automatically and painlessly for our users.

Additionally, this feature of the Cookie Solution automatically blocks the scripts of advertisers that are a part of the IAB Vendor Network (provided that the individual advertisers adhere to the standards of the network) prior to receiving user consent.

Despite being a relatively new initiative, the IAB Framework is rapidly becoming the industry standard with many huge vendors such as Google, Adobe and AdRoll involved in its implementation.

Publishers stand to benefit from this initiative in that it makes it easier to be more transparent with users and allows you as the data controller, to have more control over how your users’ data are processed and for which purposes.

We’ve worked hard to ensure that our Cookie Solution integrates seamlessly with this Framework, hereby giving you, our users, the additional option to easily enable and use it for your website and apps.

Attend our “Consent management for publishers” webinar

View a live demo and have your questions answered in real time by attending our free english “Consent management for publishers” webinar. Discover in practice how you can meet both compliance and advertising industry requirements while ensuring that your ad-reach is maximized.

Sign up now

How to enable the IAB TCF in the Cookie Solution

The Cookie Solution gives you the option to allow your users to customize their advertising tracking preferences directly from your website. While this feature is optional — as hosting the actual mechanisms for toggling preferences is not mandatory under the applicable Cookie Law— it is heavily recommended that publishers, in particular, enable this feature as failure to do so can potentially result in reduced reach and ad revenue.

Note: this tutorial assumes that you’ve already activated the Cookie Solution and generated your cookie policy. If you haven’t already done this, you can read that tutorial here.

To enable this feature, head to your dashboard and click on the website that you’d like to update. Next, click the <>EMBED button in the Cookie Solution area:

Consent Solution Embed button

This will take you to the embed section for the Cookie Solution.
This feature is available on all channels.

Note

In older versions of the Cookie Solution, this feature was available only on the beta channel. If you’re using a previous installation of the Cookie Solution, we strongly recommend that you upgrade by simply copying the new code here (Dashboard > [Your website/app] > Cookie Solution > Embed) to avoid any CSS related conflicts and to access all the new features of the latest version.

To enable, scroll to the bottom of this section and click the checkbox on the bottom left (as pictured below):

How to enable IAB Transparency and Consent Framework for the Cookie Solution

Integration

Once enabled, your Cookie Solution embed code will go from this:

<script type="text/javascript">
    var _iub = _iub || [];
    _iub.csConfiguration = {
        "lang": "en",
        "siteId": XXXXXX, //use your siteId
        "cookiePolicyId": YYYYYY, //use your cookiePolicyId
        "banner": {
            "position": "top"
        }
    };
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>

To this (note the stub.js script and "enableCMP": true):

<script type="text/javascript" src="//cdn.iubenda.com/cs/tcf/stub.js"></script>
<script type="text/javascript">
    var _iub = _iub || [];
    _iub.csConfiguration = {
        "enableCMP": true,
        "lang": "en",
        "siteId": XXXXXX, //use your siteId
        "cookiePolicyId": YYYYYY, //use your cookiePolicyId
        "banner": {
            "position": "top"
        }
    };
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>
Caution

Take a look at the Cookie Solution code currently on your site and look for the stub.js snippet as can be seen in the image here. If the stub portion is not there, then you will need to update your code.

To function properly, the embed code must be added at the very beginning of the head, right after the <head> tag opening.

Now, if you intend to serve personalized ads to users, you’ll need to ensure that explicit consent to ad personalisation is collected before you can display personalised ads for end-users (where this consent is not collected, Google will default to serving non-personalized ads, potentially impacting your ad revenue).

In order for vendors to read the consent collected, the __cmp function that the CMP (iubenda) makes available must be present. This function is only available after consent has been collected. In order for vendors to read the consent properly, two methods are available:

  • Directly blocking the vendor scripts (using another prior blocking method), then executing them only after consent has been collected. This method requires more implementation work and it’s a bit slower in terms of execution time, but it allows personalized ads to be served from the first page view (where consent hasn’t been collected yet) and gives you more direct and solid control in regards to ensuring compliance.

  • Not directly blocking the vendor scripts, but rather, ensuring that the __cmp function is loaded before the vendor scripts are loaded, through some specific configuration, but this will only work from the second page view, when consent is already present on the page. This method is easier to implement and it’s very high-performing in terms of load speed, however, in this situation, you have less direct control as you must rely on the vendor’s adherence to IAB’s guidelines for compliance.

Here are the implementation instructions:

Our Cookie Solution offers various tools for the prior blocking of codes that may install cookies, one of them is manual tagging. More on our introduction to the prior blocking of scripts.

Vendors have a maximum time (generally 300ms, usually non-configurable) to wait for consent from the CMP. In cases where the CMP does not respond within a maximum of 300ms, vendors’ Sell-Side Platform uses the opt-out status of the user instead. Meaning that in such cases, your end-users will be served with non-personalized ads.

In order to make sure that the consent is read within 300ms from the vendor scripts being executed, we created an extra script (safe-tcf.js) that has the only job of reading the TCF cookie and releasing the __cmp function.

Let’s take the Cookie Solution code snippet we’ve seen before:

<script type="text/javascript" src="//cdn.iubenda.com/cs/tcf/stub.js"></script>
<script type="text/javascript">
    var _iub = _iub || [];
    _iub.csConfiguration = {
        "enableCMP": true,
        "lang": "en",
        "siteId": XXXXXX, //use your siteId
        "cookiePolicyId": YYYYYY, //use your cookiePolicyId
        "banner": {
            "position": "top"
        }
    };
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>

Copy this line:

<script type="text/javascript" src="//cdn.iubenda.com/cs/tcf/beta/safe-tcf.js"></script>

And paste it between the stub.js and Cookie Solution configuration scripts, as shown below:

<script type="text/javascript" src="//cdn.iubenda.com/cs/tcf/stub.js"></script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/tcf/beta/safe-tcf.js"></script>
<script type="text/javascript">
    var _iub = _iub || [];
    _iub.csConfiguration = {
        "enableCMP": true,
        "lang": "en",
        "siteId": XXXXXX, //use your siteId
        "cookiePolicyId": YYYYYY, //use your cookiePolicyId
        "banner": {
            "position": "top"
        }
    };
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>

The safe-tcf.js script is executed synchronously at the very beginning of the page, guaranteeing for the 300ms threshold to be respected. The stub.js and safe-tcf.js can also be embedded inline or self-hosted, if necessary.

To read the consent from the __cmp function, you can open the browser console and launch these commands:

  • window.__cmp('getConsentData', null, function(result) { console.log(result) });
  • window.__cmp('getVendorConsents', null, function(result) { console.log(result) });
  • window.__cmp('ping', null, function(result) { console.log(result) });

Additional Features & Settings

Multiple options for accepting/rejecting cookies

The IAB feature allows users to consent/reject cookies both on an individual basis or as a bulk action, for the convenience of your website users.

Option to apply GDPR protections to all users or EU users only

The IAB feature of the Cookie Solution also allows you to indicate whether or not you’d like to apply GDPR protections to the following.

  • All your users. In this case, the GDPR protections are applied to all users of your site. This is the default setting.
  • Only your EU users. When this global setting is selected, the parameter gdprAppliesGlobally is set to false which indicates to vendors within the network that the GDPR protections only apply to EU-based users of your site.
  • Current users. When this local setting is selected, the parameter gdprApplies is set to true which indicates to vendors within the network that GDPR protections apply to users visiting a particular web property (for example, the EU landing page of your website or any other specific section of your site).

Example scenario

An e-commerce site has different sections available to users in the US and in Europe. They want to apply GDPR protections to just their EU-based users. Using the “GDPR applies to current user” checkbox, they can indicate to vendors that users of the European section of the site should have GDPR protections applied to them by passing gdprApplies=true when it is detected that users are EU based.

One simple way to set up this detection would be to add a conditional (such as an “if” statement) to the Cookie Solution code snippet that sets the gdprApplies to true or false based on the site section indicated.

*If you’re unsure about how to set this up, we strongly suggest using the default settings.

To access these settings, simply go to Cookie Solution > Edit > Advanced View and select the desired setting under IAB Transparency and Consent Framework section.

Please note that if you are EU-based, it is mandatory that you apply the protections to all users and not just users based in the EU. 

Request new consent

When enabled, return users who have accepted cookies on your site prior to the activation of the IAB feature will see the cookie banner and be asked for fresh consent, hereby allowing these users the equal opportunity to individually modify their preferences as the other users of your site. You can find this setting under the IAB Transparency and Consent Framework section indicated in the image above.

Allow users to update their TCF preferences even after closing the cookie banner (beta only)

When on the beta channel, the TCF feature gives you the option to let your visitors update their advertising tracking preferences even after closing the cookie banner.

To implement, just add the iubenda-advertising-preferences-link class to a custom link or button, for example:

<a href="#" class="iubenda-advertising-preferences-link">Update your advertising tracking preferences</a>

And place anywhere on your site (typically added to the site footer). Once clicked, the link/button will trigger the opening of the advertising tracking settings modal:

Allow users to update their TCF preferences even after closing the cookie banner

Please remember that currently, this feature is only available on the beta channel and will, therefore, only work if you embed the related Cookie Solution code.

If the parameter isTCFConsentGlobal is set to true (default setting), the TCF consent is saved on both consensu.org and local. If set to false, the TCF consent is saved only on the local domain, meaning the TCF cookie won’t be shared with other publishers. This value proxies the IAB CMP JS API hasGlobalScope value.

Note: this feature is only available on the beta channel.

The result

Now when your user clicks on the cookie policy link in your cookie banner in order to manage their preferences, they will see the following option:

IAB enabled result

Note: All cookies are of course “turned off” by default as a positive affirmative/ “Opt-in” action is required for valid consent.

See also

Still have questions?

Visit our support forum Email us