The Transparency and Consent Framework is a system that enables publishers (media sites and portals) equipped with a CMP to collect and transmit user purpose consent information to the various partners. The aim is to help all parties in the digital advertising chain to ensure compliance with the RGPD and ePrivacy Directive. These are common rules to be adopted from the moment personal data is processed or when information is stored on users’ terminals such as cookies, identifiers, and any other advertising trackers.
How IAB TCF works
The IAB’s TCF enables publishers equipped with a CMP on their website to retrieve the user’s consent information:
- Postview cookies for banners on the site
- PostClic cookies from links on the sites
Consents are retrieved and sent to banner urls and redirect links to tell sellers whether or not the surfer has consented.
Consent standards
Here are the standard ways of retrieving the user’s consent in the links so that the consent is readable by the IAB vendors: -. gdpr boolean, this parameter is a boolean that tells whether or not a web surfer falls within the scope of the GDPR. If gdpr=1 then the surfer comes from an RGPD zone, if gdpr=0 the surfer does not come from the RGPD zone. – gdpr_consent This is the consent string encoded by the IAB’s TCF. This parameter gives the full consent given by the user for the various purposes. The parameter incorporates the identity of the Effinity vendor (402). Example value: CPD_qEDPD_qEDEwEtJENBTCsAP_AAH_AAIYgF5wAgBhgLzAvOAEAMMBeYAAA.YAAAAAAAAAAA To decode the gdpr_consent variable, you can go to this site: https: //iabtcf.com/#/decode → In this example, vendor Consents: 402 does not appear. Effinity therefore does not have consent to deposit cookies. – gdpr_pd This parameter indicates whether or not urls contain personal data. We do not use this parameter.
How Effinity tracking works for affiliates
To switch the consent information to post-view
Post-view cookies require the user’s consent. If the user doesn’t consent, we won’t set any cookies. This is why it is necessary to obtain the user’s consent on the publisher’s side for post-view campaigns.
- When the publisher’s site uses the IAB TCF
If the surfer is in a RGPD zone: gdpr and gdpr_consent must be used:
– The gdpr=1 information in the banner url declares that the surfer comes from a RGPD zone.
– The gdpr_consent variable indicates the surfer’s consent expressed in the CMP.
Example of an affiliate banner url: https://track.effiliation.com/servlet/effi.show?id_compteur=123456789&gdpr_consent=CPD_qEDPD_qEDEwEtJENBTCsAP_AAH_AAIYgF5wAgBhgLzAvOAEAMMBeYAAA.YAAAAAAAAAAA&gdpr=1 If the surfer is not in the RGPD zone: The information gdpr=0 will be sent in the banner url and the post-view cookie will be automatically deposited because we won’t need his consent.
Example of an affiliate banner url:
https://track.effiliation.com/servlet/effi.show?id_compteur=123456789&gdpr=0
- Cases where the publisher site does not use IAB TCF
Publishers who do not use the IAB’s TCF will be able to send consent information in banner urls via the parameter consent.
- If the user consents, then &consent=1 and the pots-views cookies will be deposited.
- If the user does not consent, then &consent=0 and post-view cookies will not be deposited.
Example of an affiliate banner url for a consenting web user:
https://track.effiliation.com/servlet/effi.show?id_compteur=123456789&consent=1
To skip post-click consent information
Post-click cookies require the user’s consent. If the user does not consent, we will not set any cookies. As with post-view cookies, consent can be obtained on the publisher’s side. We use the same principle as for post-view cookies, except that the consent information will be sent in the click urls.
- When the publisher’s site uses the IAB TCF
If the surfer is in a RGPD zone: gdpr and gdpr_consent must be used:
– The gdpr=1 information in the tracked link declares that the surfer is in a RGPD zone.
– The gdpr_consent variable indicates the surfer’s consent expressed in the CMP.
Example of a tracked link from an affiliate :
https://track.effiliation.com/servlet/effi.click?id_compteur=123456789&gdpr_consent=CPD_qEDPD_qEDEwEtJENBTCsAP_AAH_AAIYgF5wAgBhgLzAvOAEAMMBeYAAA.YAAAAAAAAAAA&gdpr=1 If the surfer is not in the RGPD zone: The information gdpr=0 will be sent in the tracked link and the post-click cookie will be automatically deposited because we won’t need his consent.
Example of a tracked link from an affiliate :
https://track.effiliation.com/servlet/effi.click?id_compteur=123456789&gdpr=0
- Cases where the publisher site does not use IAB TCF
Publishers who do not use the IAB’s TCF will be able to send consent information in the urls of tracked links via the parameter consent.
- If the user consents, then &consent=1 and post-click cookies will be deposited.
- If the user does not consent, then &consent=0 and post-click cookies will not be deposited.
Example when the Internet user has not consented:
https://track.effiliation.com/servlet/effi.click?id_compteur=123456789&consent=0
