CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 date: Wed, 01 Oct 2025 15:27:30 GMT content-type: text/html; charset=UTF-8 content-encoding: gzip cf-ray: 987cfbfdfa963d2a-BOM cf-cache-status: HIT cache-control: public, max-age=0, s-maxage=3600 last-modified: Wed, 01 Oct 2025 15:22:49 GMT link: ; rel="https://api.w.org/", ; rel="alternate"; title="JSON"; type="application/json", ; rel=shortlink vary: Accept-Encoding cache-tag: 0c6181ed-2dde-4195-bf9c-fdd33b77a691,d0aa023e08e67951977bddc93e60c24cc676aa17123c41978fdfe0fcad5616be ki-cache-tag: 0c6181ed-2dde-4195-bf9c-fdd33b77a691,d0aa023e08e67951977bddc93e60c24cc676aa17123c41978fdfe0fcad5616be ki-cache-type: Edge ki-cf-cache-status: HIT ki-edge: v=22.3.1;mv=5.0.16 ki-origin: g1p x-content-type-options: nosniff x-edge-location-klb: 1 x-kinsta-cache: HIT set-cookie: __cf_bm=DiKODtvEHgD4n.6Ng31SWihaveoAJswIg_p2xSXaHeo-1759332450-1.0.1.1-4kW9TDsTxEa91RU1JixeHvN25_8AJC4S39wPUUDGWgTPSrmuwJyfp4qNRGzLzOz31o8_1AS6YUxRCqe1j1sxr4JPsEhDLh1XCJMNl5ZAVoA; path=/; expires=Wed, 01-Oct-25 15:57:30 GMT; domain=.iabeurope.eu; HttpOnly; Secure; SameSite=None report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ybk0OC5%2BBkGoEpq5IWSpombwCvjG7FFXJxeWLp3cVMjpW6Rk%2FGT74Ox2t1I%2Bm0UgPREg0G9rVWPfKN23fUGqsUAjnlfGBIB%2BOZJR4YUh%2BFLhFVRVDQCFg6iZRX4cqA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server: cloudflare alt-svc: h3=":443"; ma=86400 TCF v2.2 - Implementation FAQ's - IAB Europe

TCF v2.2 - Implementation FAQs

General

1. What are the main differences between TCF 2.1 & 2.2?

The iterations brought by the TCF v2.2 aim to bring further standardisation of the information and choices that should be provided to users over the processing of their personal data, and to how these choices should be captured, communicated and respected. This include:

1) Removal of the legitimate interest legal basis for advertising & content personalisation: within the scope of the TCF, Vendors will only be able to select consent as an acceptable legal basis for purposes 3, 4, 5 and 6 at registration level;

2) Improvements to the information provided to end-users: the purposes and features’ names and descriptions have changed. The legal text has been removed and replaced by user-friendly descriptions - supplemented by examples of real-use cases (illustrations);

3) Standardisation of additional information about Vendors: Vendors will be required to provide additional information about their data processing operations - so that this information can in turn be disclosed to end-users;
- Categories of data collected
- Retention periods on a per-purpose basis
- Legitimate interest(s) at stake - where applicable
- Support for multiple languages URL declaration

4) Transparency over the number of Vendors: CMPs will be required to disclose the total number of Vendors seeking to establish a legal basis on the first layer of their UIs;

5) Specific requirements to facilitate users’ withdrawal of consent: Publishers and CMPs will need to ensure that users can resurface the CMP UIs and withdraw consent easily. Vendors need to ensure they retrieve the TC String in real-time, where applicable.

2. Can the initial layer of the CMP UI provide a “reject all” button?

Yes, although the TCF Policies do not require that CMPs provide a call to action for users to refuse consent from the first layer of their UIs, nothing in the TCF Policies is intended to prevent going beyond these minimum requirements. As with any other design requirements that are not specified by the TCF policies, publishers should ensure they are fully aware of their local Data Protection Authority’s requirements and act accordingly.

FAQs for CMPs

3. Where can I find the TCF translations?

The TCF official translations have been published at https://register.consensu.org/Translation. IAB Europe is now in the process of updating them progressively according to local market feedback. If you have any feedback on a translation, you can provide suggestions at framework@iabeurope.eu.

4. How should the total number of Vendors be added to the CMP UI?

The Initial Layer of the Framework UI has to disclose the number of third party Vendors that are seeking consent or pursuing data processing purposes on the basis of their legitimate interest(s), in order to better inform users about the number of entities susceptible to processing their personal data.

This number should at a minimum represent the number of TCF Vendors for which the publisher establishes transparency & consent, but may include the number of non-TCF Vendors. It is up to the publishers to decide whether they want to include non-TCF Vendors when providing this number. Publishers should consider when making such a determination how to best manage user expectations regarding the number of data controllers for which it establishes legal bases.

The Secondary Layer of the Framework UI has to disclose the numbers of third party Vendors that are seeking consent or pursuing data processing purposes on the basis of their legitimate interest(s) for each purpose. These numbers may also include the number of non-TCF Vendors for which the publisher establishes transparency & consent using the TCF purposes nomenclatures.

5. How should CMPs disclose Vendors’ retention periods and categories of data?

CMPs should disclose the new information on a per-Vendor basis, using the information published in the GVL.

The categories of data collected and processed by Vendors has been standardised through a dedicated taxonomy. CMPs should use the standard names provided by the TCF Policy and make available the corresponding user-friendly descriptions.

To facilitate users’ understanding, CMPs may convert retention periods provided by Vendors in days into a different time unit (e.g. in months), the same way they may currently do so with Vendors’ maximum device storage durations.

6. What is the StdRetention field in the GVL for TCF 2.2?

The StdRetention field in the GVL is added and computed when a Vendor has declared the same retention period for several purposes and/or special purposes for optimisation of the GVL length. As a result the entry for purposes and/or special purposes with that most common retention period, i.e. the period which is declared for the most purposes and/or special purposes, will be omitted from the purposes and specialPurposes fields in the dataRetention object.

For example, if a Vendor has declared the following retention periods:

Purpose 2: 30
Purpose 3: 30
Purpose 4: 30
Purpose 7: 180
Special Purpose 2: 360

The corresponding dataRetention object in the Vendors’ entry in the GVL will be:

"dataRetention": {
"stdRetention": 30,
"purposes": {
"7": 180,
},
"specialPurposes": {
"2": 360
}
}

7. How should CMPs use the multiple URLs that Vendors may provide to access their privacy documentations in different languages?

TCF v2.2 enables Vendors to declare URLs to their privacy policies and legitimate interest(s) at stake explanation on a per-language basis. This enables CMPs to provide users with link(s) to Vendors’ privacy documentations in the same language as the one used in their Framework UIs (which for example corresponds to the language of the publisher’s digital property or the language of the user’s browser).

Where Vendors have not declared URLs to their privacy documentations in the language used in the Framework UIs, CMPs may choose to provide links to the Vendors’ documentation in a different language, or Publishers may choose not to work with Vendors that do not maintain privacy documentations in the language of their users.

8. How should CMPs disclose the storage and access information relating to the CMP’s recording of Signals (TC String), including the maximum device storage duration where applicable?

CMPs should at a minimum disclose on the secondary layer of their UIs how the TC String is stored and for how long if it is stored on the user's device. Such an explanation can include for example "the choices you make regarding the purposes and entities listed in this notice are saved in a cookie named [n] for a maximum duration of [x] months”.

FAQs for Publishers

9. How should Publishers select the Vendors for which they establish legal bases? Is there a maximum number ?

Since March 2022, Vendors registering to the TCF are required to provide additional information that is not intended for user disclosures but can be used by Publishers for determining which Vendors they wish to establish transparency and consent for on their digital properties.

The additional information cover the following detail:

Full legal entity address ;
Business-to-business contact details ;
Territorial scope - the EU/EEA/EFTA/UK jurisdictions where the vendor operates in the context of its TCF registration. Note that this is different from the place of establishment ;
Environment – environment(s) where the vendor operates such as web, mobile apps, CTV apps ;
Type of service – Vendor’s type of service(s) such as SSP, DSP, DMP ;
International transfer – indication if the vendor transfers data outside EU/EEA ; when applicable, indication if the data transfers are covered by an EU adequacy decision.

This additional information is available here and can be used by Publishers to, for example, avoid requesting user’s consent for Vendors that operate in technical environments and jurisdictions that are not relevant to their online services, as well as generally better understand each TCF Vendor’s scope of operations and whether it transfers data outside of the EEA.

Publishers can also work with their CMPs and Vendor-partners to better understand which Vendors are active on their digital properties (e.g. contribute to the selling of their ad inventories) to supplement their selection process.

The TCF Policies does not impose a maximum number of Vendors for which a Publisher establishes legal bases, as it depends on the nature of the services and content provided by the Publisher as well as its business model, and no objective criteria have been laid down by Data Protection Authorities in that respect.

10. Does the TCF Policies requirement in relation to withdrawal of consent affect pay-or-consent installations

Publishers and their CMPs will be required to ensure that users can re-access the CMP UI easily to manage their choices (e.g. from a floating icon or a footer link available on each webpage, from the top-level setting of the app etc.)

If the initial consent request presented to users contains a call to action that enables user to consent to all purposes and vendors in one click (such as “Consent to all”), an equivalent call to action should be provided when users resurface the CMP UI as to withdraw consent to all purposes and vendors in one click (such as “Withdraw consent to all”).

When the publisher implements a way for the user to access its content without consenting through other means, for example by offering paid access, users who previously provided consent should still be provided with the possibility to easily withdraw consent at any time and access the content through other means (for example the paid access). Although the TCF policies accommodate such implementations, publishers should ensure they are fully aware of their local Data Protection Authority’s requirements when leveraging pay-or-consent installations.

11. Can the information and choices provided to users in connection with establishing legitimate interests be embedded in a webpage instead of a popup overlay?

Yes, the TCF Policies do not request all user interfaces (UI) to take the form of a popup overlay. This is only required in connection with requesting users’ consent, in which case the UI needs to be displayed prominently and separately from other information. When making use of a so-called layered approach, publishers and their CMPs may choose to provide transparency
and the right to object relating to Purposes or Special Purposes pursued by Vendors on the basis of their legitimate interests in a separate webpage, such as in their privacy policies, so long as users are provided with an easily accessible link to it from the UI that is used to request their consent.

Because such an approach can impact a commercial CMP’s ability to assume responsibility for compliance with the TCF Policies, publishers may be required to register a private CMP and use a commercial CMP’s offering in association with their private CMP ID in line with Chapter II: Policies for CMPs (7)(2).

12. How often should I remind users of their choices?

Data Protection Authorities have issued different guidelines and recommendations on the appropriate duration - which varies between 6 months to 24 months. The TCF v2.2 Policies take into account these discrepancies and require publishers to remind users of their choices according to the requirements laid down by publishers’ local regulator(s).

To help TCF participants in their implementation, the below table provides the best practice recommendations that have been provided so far by certain national regulators (last updated March 2024):

Country

Best Practice Recommendation

Reference

SUBJECTBelgium

DATE6 Months

LINKCheck-list cookies

SUBJECTCzech Republic

DATE6 Months

LINKQ&A on data processing on the Internet

SUBJECTFrance

DATE6 Months

LINKRecommendations on cookies and other trackers

SUBJECTIreland

DATE6 Months

LINKGuidance note on cookies and other tracking technologies

SUBJECTItaly

DATE6 Months

LINKGuidance note on the use of cookies and other tracking tools

SUBJECTLuxembourg

DATE12 Months

LINKRequirements applicable to cookies

SUBJECTSpain

DATE24 Months

LINKGuidance on the use of cookies

13. How should the group-specific scope be used?

The group-specific scope enables users to make privacy choices that are applicable on a pre-defined group of several digital properties (e.g. websites). This scope can be used solely under the following conditions:

The digital properties must belong to or otherwise be under the control of the same organisation (e.g. online services owned by the same Publisher);

Users must be clearly informed about the scope of their privacy choices on the first layer of the CMP UI, and be provided with a link directing to more information about the group;

Each of the digital properties belonging to the group must allow users to manage their privacy choices (e.g. to revisit the privacy choices they previously made on another digital property in the group).

14. How should Publishers ensure that consent remains specific in their consent-or-pay installations?

Where a Publisher puts in place a “consent or pay” system, i.e. a TCF implementation offering two or more choices to users for access to the Publisher’s content and services (for instance one based on consent to the processing of personal data for certain Purposes and/or Special Features, and another based on an alternative, such as paid access), Appendix B, section C(h) of the TCF Policies accommodates such implementations.

Although the TCF Policies do not require to allow users to make granular and specific consent or opt-in choices for each Purpose and/or Special Feature in such installations, Publishers should consider providing an appropriate level of choice granularity in order for users’ consent to remain specific and fulfil legal requirements under the GDPR.

For example, where a free version (subject to consent to processing) is made available alongside a paid version, a Publisher might conclude that conditioning access to the free version of their services to users’ consents for a subset of purposes that are necessary for monetisation (e.g. personalised advertising) provides the appropriate degree of granularity if kept separate from consent to purposes that are not a necessary part of the free version (for instance audience measurement or third-party content personalisation).

To help TCF participants in their implementation, the below table provides the best practice recommendations that have been provided so far by certain national regulators (last updated April 2025):

Country

Reference

SUBJECTAustria

DATE

FAQs here

SUBJECTDenmark

DATE

List of assessment criteria here

SUBJECTFrance

DATE

List of assessment criteria here

SUBJECTGermany

DATE

DSK resolution on CorP here

SUBJECTUK

DATE

ICO guidance on CorP here

FAQs for Vendors

15. Has support for legitimate interest as a legal basis been removed from TCF v2.2?

Vendors should provide a link to a webpage that describes the legitimate interests they pursue when they rely on such a legal basis for at least one purpose. This can be a part of their privacy policy, accessed through a bookmark on that webpage. User-facing information about Vendors’ legitimate interest at stake should not be confused with Vendors’ Legitimate Interest Assessments (LIAs) - whose record can be kept internally to demonstrate compliance if required.

16. Should Vendors update the information provided in their Legitimate Interest Claim URL when they declare Special Purpose 3?

Vendors that intend to declare Special Purpose 3 (“Save and communicate privacy choices”) are advised to review concomitantly the user-facing information about their legitimate interests at stake, in order to make sure that it includes a description of the legitimate interest relied upon when pursuing Special Purpose 3.
As a reminder, the Legitimate Interest Claim URL is a link to a webpage that describes the legitimate interests they pursue when they rely on such a legal basis for at least one purpose. This can be a part of their privacy policy, accessed through a bookmark on that webpage

17. How can Vendors self-check their live installations?

In order to self-check their live installations Vendors can use the Controls Catalogue available here. The Controls Catalog maps requirements of the Policies to auditable elements to help participants in assessing and reviewing the compliance of their practical implementations. It includes the audit checks IAB Europe performs when auditing TCF participants - and corresponding enforcement procedure for each.

18. Why do Vendors need to provide a list of digital properties where they operate?

When completing their Vendor Compliance Form, Vendors should provide a non-exhaustive lists of digital properties where their technologies are susceptible to be deployed (e.g. websites where their tags or pixels are present, mobile or CTV apps where their SDK is integrated - depending on the environment(s) they support). This is to facilitate the auditing by IAB Europe of Vendors’ live installations deployed on publishers’ properties.

Addresses

Business Office

Features

Legal

Sign up for our newsletter

communication@iabeurope.eu

Privacy Overview

This website stores and/or accesses information on your device by means of cookies to ensure that the website functions properly and to remember your choices for the future visits. With your consent, we will store and/or access information on your device as well to collect data for aggregated statistics in order to measure the performance of the content presented to you. You can withdraw your consent at any time by clicking on the “Privacy & Cookies Policy” button at the top of the web pages.

Functional

Always Enabled

Necessary

Always Enabled

These cookies are necessary for purely technical reasons to ensure security of our websites and make certain elements accessible and operational. Given their technical necessity, only an information obligation applies, and you cannot refuse these cookies.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Analytics

These cookies are used to measure the visits on the website and compile reports about the activity on the website. This allows IAB Europe to know which web pages or content are most popular to improve the content of the website. These cookies are only placed if you accept them, and you can refuse them at any time using the corresponding toggle.

Cookie	Duration	Description
_pk_id.1.be1c	1 year 27 days	Matomo Analytics
_pk_ses.1.be1c	30 minutes	Matomo Analytics
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.

Original Source | Taken Source

Who we are

Team members

Board members

Committees & task forces

Framework & code of conduct

Transparency & consent framework

Policy, regulation & advocacy

Industry services

TCF v2.2 - Implementation FAQs

General

FAQs for CMPs

FAQs for Publishers

FAQs for Vendors

Addresses

Features

Legal

Sign up for our newsletter