
Another twist in privacy compliance: What publishers can do to prepare


It’s no secret that we’re living in a chaotic world right now. The economic impact of COVID-19 has been devastating, and publishers have been hit especially hard. During this time, there’s also a major privacy compliance shift coming down the pike.

Back in August 2019, the Interactive Advertising Bureau (IAB) Europe published the second iteration of its Transparency and Consent Framework (TCF). The new version aims to increase transparency for end-users and offer greater control over how their data is processed. 

While June 30th was the original deadline to become compliant with TCF v2.0, the IAB Europe, in recognition of the challenges posed by COVID-19, has given the industry a one-time, 45-day extension. With that, the deadline for implementing the new version of the TCF is now August 15th. By that time, publishers will have to switch over to TCF v2.0 in order to meet industry privacy standards. And while some data protection authorities have noted they’ll be pausing ongoing investigations, regulators have also signalled that COVID-19 is no excuse for failing to meet existing legal obligations.

That said, transitioning doesn’t have to be an added burden. Let’s break down what this new framework really means, and what publishers can do to get ready.

What’s New with Version 2

This second version of the Transparency and Consent Framework is a complete overhaul of the original. This means it isn’t backwards compatible, and consent management platforms must be newly implemented by publishers, even if they were compliant with the previous version 1.1. 

One of the biggest improvements with v2.0 is that it’s a lot more user friendly. For instance, the standard purpose descriptions have become much more intuitive, making it clear where data is going and how it’s being used. 

Additionally, the user is in full control over their personal data, regardless of the legal basis or justification chosen by a vendor. In addition to empowering users to grant their consent to data processing where a vendor requests it, users can now object to data processing on the basis of a legitimate interest directly in the consent management platform. On top of that, certain types of data use, such as the use of precise geolocation data, require an additional opt in. 

As for vendors, they can now offer publishers flexibility regarding the legal basis on which they process personal data. This means that a publisher can ask the vendor to rely on a legal basis other than the vendor’s default if the vendor allows.

Understanding “Why”

To feel confident and prepared to tackle not only this most recent development, but the ones to follow, it’s critical to understand why this is all happening in the first place. 

The “why” can be boiled down to three things:

  1. You can always be “better”: The primary goal of this update is to create greater transparency and control for consumers. TCF v2.0 takes a big step in the right direction to make data collection options more clear. Indeed, I would expect the IAB to iterate the framework even further with this goal in mind as time goes on.
  2. Feedback is everything: Feedback is essential in developing any standard, including compliance frameworks. The thing is, feedback only comes over time as more publishers, advertisers, consumers, vendors and regulatory bodies use, engage and study the framework.
  3. Practice makes perfect: In any scenario, it’s a safe bet that a second or third try will be better than the first. Compliance is no exception; it’s a constant learning process. TCF v1.0 was created before GDPR even came into effect. So while it was a good early effort, there was no way it was going to be perfect. Recognizing that, and being okay with it, is crucial to long term success.

Preparing for the Future

Once publishers recognize that privacy best practices are not forever, they’ll be in a great position to get ahead of the next wave. 

To effectively prepare for both the current update and whichever one comes next, publishers should prioritize two key things. First, they need insights with the most up-to-date information on the law and regulatory expectations. Without the latest insight into compliance best practices and deadlines, publishers can quickly find themselves using outdated approaches or solutions, putting a regulatory target on their backs that otherwise could have been avoided.

Second, publishers need the right people, internally or through partnerships or both, to help manage these ongoing compliance issues. I would encourage publishers to hire their own internal experts who have expertise in law and the technologies that publishers rely on.

At the end of the day, the latest framework is showing us that change is inevitable. But fortunately, this is nothing publishers can’t handle. Despite the added complexity of today’s economic downturn, with the right information, people and partners, publishers can embrace the change and set themselves up to adapt quickly to whatever comes next.

Matthias Matthiesen
Senior Privacy Counsel, Quantcast 

About: Quantcast is an audience intelligence and measurement company headquartered in San Francisco. Combining machine learning, a privacy-by-design approach, and live data drawn from more than 100 million online destinations, Quantcast provides software, information and advertising services for marketers, publishers and advertising agencies worldwide. Founded in 2006, Quantcast has employees in 20 offices across 10 countries.