The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, changed the data privacy landscape in Europe. GDPR was designed to harmonise data privacy laws across Europe, giving individuals greater control and transparency over their personal data while raising the bar for businesses to achieve lawful processing of personal information.

In anticipation of the entry into force of the GDPR, IAB Europe launched in February 2017 a collaborative effort by organising dedicated working groups attended by more than 70 member companies and sectoral trade associations, supported by the IAB Europe staff, to deliver, maintain and iterate an industry standard, the TCF, in an attempt to meet the needs of users, industry and regulators.

On 25 April 2018, TCF v1.1 was launched after an extensive industry consultation with IAB Europe and IAB Tech Lab members, and the broader digital advertising industry.

On 21 August 2019, TCF v2.0 was launched following extensive industry consultation particularly with publishers and the industry associations who represent all aspects of the industry.

On 19 August 2020, TCF v2.1 was launched to bring the TCF in-line with Planet49 ruling issued by the Court of Justice of the European Union and standardise the disclosure of the duration of operation of cookies.

On 16 May 2023, TCF v2.2 was launched to respond to the changes and needs of the industry, and introduce a number of iterations that relates to the Action Plan submitted to and validated by the Belgian Data Protection Authority (APD) (more information here).

TCF participants have until 20 November 2023 to adopt TCF v2.2 and make the necessary changes to their respective implementations.

The TCF is an accountability tool that relies on standardisation to facilitate compliance with certain provisions of the ePrivacy Directive and the GDPR. It applies principles and requirements derived from these two legislative instruments to the specific context of the online industry, taking account of relevant EU-level guidance from the EDPB and national level guidance from Data Protection Authorities.

The TCF is a voluntary standard intended for use by three categories of stakeholders (and all such stakeholders are welcome to use the TCF - irrespective of whether they are members of IAB Europe)

1) Publishers: owners or operators of online content or services where personal data is collected and used by third-party companies (vendors) for digital advertising, audience measurement, or content personalisation.

2)  Vendors: third-party companies that do not ordinarily have direct access to end-users of publishers. Vendors can be Ad servers, measurement providers, advertising agencies, DSPs, SSPs, and more.

3)  CMPs (Consent Management Platforms): software or solution providers that develop notices (e.g. cookie banners) to inform users and capture their preferences with respect to the processing of their personal data. 

The TCF is a combination of key resources: 

• TCF Policies
• TCF Terms & Conditions
• TCF Implementation Guidelines
• Transparency and Consent (TC) String with Global Vendor List Format
• The Consent Management Platform API
• Vendor Device Storage & Operational Disclosures
• Additional Vendor Information List Specification
• Global Vendor List (GVL) 
• CMP list