Show Menu
TOPICS×

IAB TCF 2.0 support in Real-time Customer Data Platform

The Transparency & Consent Framework (TCF), as outlined by the Interactive Advertising Bureau (IAB), is an open-standard technical framework intended to enable organizations to obtain, record, and update consumer consent for the processing of their personal data, in compliance with the European Union's General Data Protection Regulation (GDPR). The second iteration of the framework, TCF 2.0, grants more flexibility for how consumers can provide or withhold consent, including whether and how vendors may use certain features of data processing, such as precise geolocation.
More information on TCF 2.0 can be found on the IAB Europe website , including support materials and technical specifications.
Real-time Customer Data Platform (Real-time CDP) is part of the registered IAB TCF 2.0 vendor list , under the ID 565 . In compliance with TCF 2.0 requirements, Real-time CDP allows you to collect customer consent data and integrate it into your stored customer profiles. This consent data can then be factored into whether profiles are included in exported audience segments, depending on their use case.
Real-time CDP is only able to comply with version 2.0 of the TCF (or greater). Previous versions of TCF are not supported.
This document provides an overview of how to configure your data operations and profile schemas to accept customer consent data generated by your CMP, and how Real-time CDP conveys user consent choices when exporting segments.

Prerequisites

In order to follow along with this guide, you must be using a Consent Management Platform (CMP), either commercial or your own, that is integrated and compliant with the IAB TCF. See the list of compliant CMPs for more information.
If the ID of your CMP is invalid, Real-time CDP will keep processing your data as-is. In order to enforce TCF 2.0, you must confirm that your CMP has a valid ID that has been registered with IAB TCF 2.0 before sending data to Experience Platform.
This guide also requires a working understanding of the following Adobe Experience Platform services:
  • Experience Data Model (XDM) : The standardized framework by which Experience Platform organizes customer experience data.
  • Adobe Experience Platform Identity Service : Solves the fundamental challenge posed by the fragmentation of customer experience data by bridging identities across devices and systems.
  • Real-time Customer Profile : Leverages Identity Service to create detailed customer profiles from your datasets in real-time. Real-time Customer Profile pulls data from the Data Lake and persists customer profiles in its own separate data store.
  • Adobe Experience Platform Web SDK : A client-side JavaScript library that allows you to integrate various Platform services into your customer-facing website.
  • Adobe Experience Platform Segmentation Service : Allows you to divide Real-time Customer Profile data into groups of individuals that share similar traits and will respond similarly to marketing strategies.
In addition to the Platform services listed above, you should also be familiar with destinations and their use in Real-time CDP.

Customer consent flow summary

The following sections describe how consent data is collected and enforced after the system has been properly configured.

Create datasets with IAB consent fields

Customer consent data must be sent to a datasets whose schema contains IAB consent fields. Refer to the tutorial on creating datasets for capturing TCF 2.0 consent for how to create the two required datasets before continuing with this guide.

Update Profile merge policies to include consent data

Once you have created a Profile-enabled dataset for collecting consent data, you must ensure that your merge policies have been configured to always include IAB consent fields in your customer profiles. This involves setting dataset precedence so that your consent dataset is prioritized over other potentially conflicting datasets.
For more information on how to work with merge policies, refer to the merge policies user guide . When setting up your merge policies, you must ensure that your segments include all the required consent attributes provided by the XDM privacy mixin , as outlined in the guide on dataset preparation.

Integrate the Experience Platform Web SDK to collect customer consent data

The use of the Experience Platform Web SDK is required in order to process consent data directly in Adobe Experience Platform. Experience Cloud Identity Service is currently not supported.
Experience Cloud Identity Service is still supported for consent processing in Adobe Audience Manager, however, and compliance with TCF 2.0 only requires that the library is updated to version 5.0 .
Once you have configured your CMP to generate consent strings, you must integrate the Experience Platform Web SDK to collect those strings and send them to Platform. The Platform SDK provides two commands that can be used to send IAB consent data to Platform (explained in the subsections below), and should be used when a customer provides consent information for the first time, and anytime that consent changes thereafter.
The SDK does not interface with any CMPs out of the box . It is up to you to determine how to integrate the SDK into your website, listen for consent changes in the CMP, and call the appropriate command.

Create a new edge configuration

In order for the SDK to send data to Experience Platform, you must first create a new edge configuration for Platform in Adobe Experience Platform Launch. Specific steps for how to create a new configuration are provided in the SDK documentation .
After providing a unique name for the configuration, select the toggle button next to Adobe Experience Platform . Next, use the following values to complete the rest of the form:
Edge configuration field
Value
Sandbox
The name of the Platform sandbox that contains the required streaming connection and datasets to set up the edge configuration.
Streaming Inlet
A valid streaming connection for Experience Platform. See the tutorial on creating a streaming connection if you do not have an existing streaming inlet.
Event Dataset
Select the XDM ExperienceEvent dataset created in the previous step .
Profile Dataset
Select the XDM Individual Profile dataset created in the previous step .
When finished, click Save at the bottom of the screen and continue following any additional prompts to complete the configuration.

Handling SDK responses

All Platform SDK commands return promises that indicate whether the call succeeded or failed. You can then use these responses for additional logic such as displaying confirmation messages to the customer. See the section on handling success or failure in the guide on executing SDK commands for specific examples.

Export segments

Before you start exporting segments, you must ensure that your segments include all required consent fields. See the section on configuring merge policies for more information.
Once you have collected customer consent data and have created audience segments containing the required consent attributes, you can then enforce TCF 2.0 compliance when exporting those segments to downstream destinations.
Provided that the consent setting gdprApplies is set to true for a set of customer profiles, any data from those profiles that is exported to downstream destinations is filtered based on the consent preferences for each profile. Any profile that does not meet the required consent preferences is skipped during the export process.
Customers must consent to the following purposes (as outlined by TCF 2.0 policies ) in order for their profiles to be included in segments that are exported to destinations:
  • Purpose 1 : Store and/or access information on a device
  • Purpose 10 : Develop and improve products
TCF 2.0 also requires that the source of data must check the destination's vendor permission before sending data to that destination. As such, Real-time CDP checks if the destination's vendor permission is opted in to for all IDs in the cluster before including data bound to that destination.
Any segments that are shared with Adobe Audience Manager will contain the same TCF 2.0 consent values as their Platform counterparts. Since Audience Manager shares the same vendor ID as Real-time CDP (565), the same purposes and vendor permission are required. See the document on the Adobe Audience Manager plug-in for IAB TCF for more information.

Test your implementation

Once you have configured your TCF 2.0 implementation and have exported segments to destinations, any data that does not meet consent requirements will not be exported. However, in order to see whether the right customer profiles were filtered during the export, you must manually check the data stores on your destinations to see if consent was properly enforced.
It is important to note that if multiple IDs make up a cluster and TCF 2.0 applies, the entire cluster will be excluded if even a single ID does not contain the correct purposes and vendor permission(s).

Next steps

This document covered the process of configuring your data operations in Real-time CDP to be compliant with TCF 2.0. For more information on the other privacy capabilities provided by Real-time CDP, refer to the following documentation: