In this article, we'll unpack some privacy terms that might seem like complicated terminology at first glance — we're talking about Consent Management Platforms (CMPs), Transparency and Consent Framework (TCF) 2.2, and the Global Privacy Platform (GPP). It's important to us that you feel comfortable and informed about these terms, as they are frequently used in programmatic and our SSP platform in particular. So, let's dive in and clarify these topics together, ensuring you're completely in the loop.

What is a CMP?

Consent Management Platform (CMP) emerges as an indispensable asset for businesses and website operators. It streamlines the collection, management, and documentation of user consent in alignment with prevailing data protection regulations such as the General Data Protection Regulation and the California Consumer Privacy Act.

Purposes of CMPs

These platforms serve to educate users on the nature of data collection and its intended purposes, empowering them to govern their personal information effectively. 
CMPs aid organizations in upholding compliance with data protection statutes and maintain meticulous records of user preferences throughout data lifecycles. This streamlined consent processing enables prompt responses to data subject requests, fostering elevated standards of data privacy.

How Does a CMP Work?

The operational mechanism of the CMP unfolds as follows:

  • Upon a user's website visit, the CMP promptly surfaces, offering granular control over data privacy. This empowers users to choose the level of data collection and manage cookie types. The CMP also provides transparency about third-party vendors involved and the option to grant or deny consent to each one individually.
  • CMP collects and translates users’ preferences into consent signals and passes them to the ad platforms.
  • Ad platforms interpret the consent signal and deliver targeted advertising based on user consent.

By integrating a CMP, publishers align with data privacy mandates, thereby providing users more control over their data gathering and processing.

Here’s an example of pop-up CMP:

Here’s an example of CMP as a banner at the bottom of the screen:

Why do publishers need to implement CMPs?

In order to correctly and effectively send privacy and user consent signals, publishers need to implement the Consent Management Platform on their website or application. Besides that, by using CMPs, you're making life a lot easier for your users, too. Everything becomes clearer and more straightforward, which can only be good for building trust for everyone involved.

For publishers looking for reliable CMPs, it's a good idea to check out the list of approved CMPs by IAB Europe. Every CMP on this list has passed IAB Europe’s checks for compliance, so you know you're getting something that meets the necessary privacy standards.

What is the TCF 2.2?

On May 16, 2023, the latest iteration of Transparency and Consent Framework (TCF) 2.2 was released, marking a significant milestone in the digital advertising world.

Think of it as a common language that makes sure everyone involved understands how user consent should be handled and shared. IAB Europe crafted a robust framework, known as TCF 2.2, to assist organizations in adhering to GDPR regulations regarding user consent in online advertising and personalized content delivery. Acting as a mediator between publishers' websites, advertising third-party vendors, and the CMP utilized on these platforms, TCF 2.2 serves as a standardized communication tool, ensuring clarity and consistency in how user consent is conveyed and managed across all parties involved.

What is the GPP?

The Global Privacy Platform (GPP)  is a solution developed by IAB Tech Lab to help the industry solve the challenges that come with the need to navigate a complex landscape of international privacy regulations. It simplifies the process of sharing privacy, consent, and consumer choice information.
Presently, the GPP interfaces with various privacy regulations, encompassing TCF, the MSPA's US National string, and particular privacy strings tailored to select US states. Furthermore, the Global Privacy Platform is poised for expansion, envisaging the inclusion of additional jurisdictions governed by data privacy frameworks.

Connecting the dots

Based on the information above, you can see the entire connection of these terms:

  1. TCF 2.2 serves as a pivotal framework crafted by IAB Europe to facilitate compliance with GDPR regulations, ensuring clarity and consistency in handling user consent across digital advertising and content customization.
  2. The Global Privacy Platform, developed by IAB Tech Lab, provides a flexible solution for advertisers, publishers, and tech companies to navigate complex international privacy regulations, ensuring alignment with various privacy frameworks globally.
  3. CMPs play a significant role in streamlining the collection, management, and documentation of user consent. CMPs rely on TCF and GPP to interpret user consent choices, translate them into the appropriate string format, and then communicate that string to AdTech vendors.
  4. In essence, TCF and GPP provide the technical language for user consent. Meanwhile, CMPs act as translators and facilitators for implementing those languages on websites and apps, passing consent signals to the ad platforms.