Inferensys

Glossary

IAB Transparency and Consent Framework (TCF)

A standardized technical protocol and API designed by the Interactive Advertising Bureau to communicate user consent choices throughout the digital advertising supply chain.
Supply chain manager using AI negotiator on laptop, supplier data visible, casual office afternoon setup.
CONSENT SIGNALING PROTOCOL

What is IAB Transparency and Consent Framework (TCF)?

A standardized technical protocol and API designed by the Interactive Advertising Bureau to communicate user consent choices throughout the digital advertising supply chain.

The IAB Transparency and Consent Framework (TCF) is a standardized technical protocol that enables websites, advertisers, and ad-tech vendors to transmit, interpret, and enforce user consent preferences for personal data processing in compliance with the GDPR and ePrivacy Directive. It defines a common vocabulary and API for Consent Management Platforms (CMPs) to capture granular user choices and encode them into a transparent, cryptographically signed consent string disseminated to all downstream partners in the real-time bidding ecosystem.

The framework establishes a Global Vendor List (GVL) of registered ad-tech intermediaries and maps specific processing purposes, legal bases—including legitimate interest—and data categories to standardized integer identifiers. This allows publishers to configure purpose-specific restrictions and enables programmatic systems to parse the TC String deterministically, ensuring that a user's objection to a specific vendor or purpose is technically enforced at the impression level without breaking the supply chain.

TECHNICAL ARCHITECTURE

Core Components of the TCF

The IAB Transparency and Consent Framework (TCF) is built on a modular technical architecture that standardizes the communication of user consent choices across the digital advertising supply chain. These core components define how consent is captured, encoded, and transmitted between Consent Management Platforms (CMPs) and vendors.

04

Purposes and Legal Bases

The TCF defines 11 standardized processing purposes (e.g., Purpose 1: 'Store and/or access information on a device', Purpose 7: 'Measure advertising performance') and 6 legal bases (Consent, Legitimate Interest, Consent or Legitimate Interest, Special Purposes, Features, Special Features). Each vendor declares which purposes they operate under and which legal basis they rely on. This granular matrix allows users to consent to specific data uses rather than a binary accept/reject, fulfilling the granular consent requirement under GDPR Article 7.

05

Publisher Restrictions

A mechanism allowing publishers to override vendor-level consent at the purpose level. Even if a user grants consent to a vendor for a specific purpose, the publisher can programmatically restrict that purpose from executing on their property. These restrictions are embedded directly into the TC String as a bitfield, ensuring downstream ad tech vendors and ad servers respect the publisher's constraints without additional server-side lookups. This is critical for publishers with strict data governance policies.

06

TCF Signals for In-App Environments

The mobile in-app equivalent of the web-based TC string, transmitted via OpenRTB bid request extensions. Key differences from web implementation:

  • Uses getInAppTCData API method instead of cookie storage
  • Relies on device-level advertising identifiers (IDFA, AAID) for persistence
  • Requires CMP SDK integration rather than JavaScript injection
  • Supports app-to-web consent bridging for hybrid user journeys This ensures consistent consent signaling across mobile apps and mobile web environments.
IAB TCF EXPLAINED

Frequently Asked Questions

Clear answers to the most common technical and operational questions about implementing the IAB Transparency and Consent Framework for digital advertising compliance.

The IAB Transparency and Consent Framework (TCF) is a standardized technical protocol and API designed by the Interactive Advertising Bureau (IAB Europe) to communicate user consent choices throughout the digital advertising supply chain. It works by establishing a common vocabulary and signaling mechanism between three primary actors: Consent Management Platforms (CMPs), which capture user preferences; publishers, who integrate the CMP on their sites; and vendors (ad tech providers, DSPs, SSPs), who receive a standardized Transparency and Consent (TC) String. This encoded string contains the user's consent status for specific processing purposes, their legitimate interest objections, and the list of vendors they have authorized. The framework operates on a Global Vendor List (GVL) , a registry of all registered vendors, their declared purposes, legal bases, and privacy policy URLs, ensuring every participant in the bid stream can decode the signal and act accordingly without direct contractual relationships between every party.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.