IAB TCF 2.2 compliance

The IAB Transparency and Consent Framework (TCF) 2.2 is a technical standard that allows publishers and advertisers to collect, manage, and share user consent signals for compliance with the General Data Protection Regulation (GDPR) and ePrivacy Directive in the European Union.

In preparing for the launch of the GDPR, IAB Europe launched a collaborative effort to deliver, maintain and iterate an industry standard, the TCF, in an attempt to meet the needs of users, industry and regulators. Since 2018, it has gone through several iterations to ensure that it meets the needs of the industry while still complying with the regulation. The most recent version as of 2025, TCF v2.2, was launched in 2023.  The framework defines how websites collect and store user consent preferences and communicate those preferences to third-party vendors that process personal data, such as ad networks, analytics providers, and retargeting platforms.  It ensures that vendors can only access or process personal data with a valid legal basis (such as consent). It also ensures that users are clearly informed about:  Why their data is being used (purposes)  Which vendors are involved  What data is collected  How long data is retained  Consent choices are standardized, structured, and passed in a machine-readable format.

When TCF 2.2 is enabled for a region, CookieHub:  Displays a standardized consent dialog based on the IAB’s user interface requirements  Retrieves the Global Vendor List (GVL) containing all vendors registered in the TCF  Allows users to accept or reject:  Purposes (e.g., personalized ads, content measurement)  Special features (e.g., precise geolocation)  Vendors that will process their data  Generates a transparency and consent (TC) string, which contains the user’s choices   Stores the consent string and shares it with participating vendors through JavaScript or via the CMP API  The TC string includes:  Consent or objection to each purpose  The selected legal basis (e.g., consent or legitimate interest)  User preferences per vendor 

In some cases TCF is required, for example, if you serve personalized ads in the EU or UK using platforms that mandate use of TCF (such as Google Ads, AdSense, or Meta Ads). But you might also want to use TCF if you need to provide structured, vendor-level consent to a wide range of ad tech providers or your advertising partners or header bidding providers require a valid TC string.

Use the IAB TCF 2.2 framework if:  You serve personalized ads in the EU or UK using platforms that require TCF (such as Google Ads, AdSense, or Meta Ads)  You need to provide structured, vendor-level consent to a wide range of ad tech providers  Your advertising partners or header bidding providers require a valid TC string 

IAB TCF v2.2 can help maintain the success of your conversions and ad campaigns:  Preserve measurement:  Even when users deny consent, standardized TCF consent signals allow vendors to handle consent consistently, helping reduce lost attribution and ensuring partial measurement continuity within privacy boundaries.  Improve ad tracking  When consent is granted, vendors (like Google Ads, Meta, or Microsoft Ads) receive clear TCF consent strings, which enables normal operation of conversion tracking, remarketing, and event logging while maintaining compliance.  Better optimization (within limits):  With accurate consent-based data, ad platforms can still optimize bids and targeting based on users who consented, improving overall campaign performance without breaching privacy rules.  Compliance + performance balance:  CookieHub’s IAB TCF v2.2 implementation gives you structured control over consent signals, so you don’t have to choose between disabling all tracking or ignoring compliance obligations.

Go to Dashboard → Domain list  Click on the domain you want to configure  Click Settings  Under Regional settings:  Set the framework to IAB TCF 2.2  Set the consent type to Explicit consent / opt-in  Save your changes  The TCF interface will appear automatically for users in the selected region(s), and the consent string will be generated and shared with vendors.

IAB TCF v2.2 is designed to standardize consent collection and data processing across major European privacy frameworks, including:   GDPR (EU) — ensures personal data processing, including for advertising and analytics, only occurs with consent.  ePrivacy Directive — governs how cookies and tracking technologies are used on user devices.   Digital Markets Act (DMA) — affects how large digital platforms handle data sharing and consent as “gatekeepers.”  Local privacy laws — various EU member states may impose additional conditions or enforcement measures aligned with TCF principles.

Using IAB TCF v2.2 with CookieHub supports GDPR compliance, but it does not guarantee full compliance on its own.  The framework standardizes how consent is collected, stored, and shared with vendors. However, full GDPR compliance requires a broader privacy strategy that includes:  Clear user notices and privacy disclosures  Data minimization and purpose limitation  Honoring user withdrawal of consent  Maintaining up-to-date records in your CookieHub CMP  CookieHub’s TCF v2.2 integration ensures that your consent signals are correctly formatted and transmitted to vendors, a key step toward compliance and ethical data use in digital advertising.