With the adoption of the IAB GDPR TCF v2.2 specification, Sourcepoint has collated a timeline and checklist for your organization to ensure the successful migration of your properties' campaigns.
- Transition timeline
- Technical changes
- Campaign migration checklist
- Resources
- Follow IAB GDPR TCF v2.2 - Transition readiness
Transition timeline
Technical changes
In this section, we will cover any on-page technical requirements that may need to be performed in order to migrate your property to IAB GDPR 2.2.
Deprecation of getTCData command
Historically, the tcData object which contains encoded and unencoded values of the TC String, vendors, IAB purposes, etc... pertaining to an end-user's current browser session was accessed via the getTCData command. This command has since been deprecated in IAB GDPR TCF v2.2.
Under IAB GDPR TCF v2.2, add an addEventListener and utilize its callback function to access the tcData object.
//Return tcData object
__tcfapi('addEventListener', 2, (tcdata, success) => { console.log(tcdata) })...
function show_tcdata(success, tcdata) {
// your custom code here
console.log('update to the tcdata object through message or privacy manager');
console.log('the value of success is ' + success);
console.log("tcdata eventStatus is " + tcdata.eventStatus);
console.log('the value of tcdata is ' + JSON.stringify(tcdata));
}
__tcfapi('addEventListener', 2, function(tcdata, success) {
if(success) {
show_tcdata(success, tcdata);
if (tcdata.eventStatus === 'useractioncomplete') {
// call code when user has made an action
show_tcdata(success, tcdata);
} else if (tcdata.eventStatus === 'tcloaded') {
// remove event listener when consent string has loaded
__tcfapi('removeEventListener', 2, (success) => {
console.log('removed event listener: ' + tcdata.listenerId);
}, tcdata.listenerId);
} else if (tcdata.eventStatus === 'cmpuishown') {
// call code when cmp message is shown
}
}
});
...
Stub file (optional)
While not mandatory to migrate to IAB GDPR TCF v2.2, please be advised that the IAB has published a new version of its stub file for v2.2 that fixes some pre-existing bugs. Your organization may want to utilize this opportunity to update the stub file on your implementation.
The updated stub file can be retrieved from the Sourcepoint portal.
<script>
"use strict";function _typeof(t){return(_typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(t)}!function(){var t=function(){var t,e,o=[],n=window,r=n;for(;r;){try{if(r.frames.__tcfapiLocator){t=r;break}}catch(t){}if(r===n.top)break;r=r.parent}t||(!function t(){var e=n.document,o=!!n.frames.__tcfapiLocator;if(!o)if(e.body){var r=e.createElement("iframe");r.style.cssText="display:none",r.name="__tcfapiLocator",e.body.appendChild(r)}else setTimeout(t,5);return!o}(),n.__tcfapi=function(){for(var t=arguments.length,n=new Array(t),r=0;r<t;r++)n[r]=arguments[r];if(!n.length)return o;"setGdprApplies"===n[0]?n.length>3&&2===parseInt(n[1],10)&&"boolean"==typeof n[3]&&(e=n[3],"function"==typeof n[2]&&n[2]("set",!0)):"ping"===n[0]?"function"==typeof n[2]&&n[2]({gdprApplies:e,cmpLoaded:!1,cmpStatus:"stub"}):o.push(n)},n.addEventListener("message",(function(t){var e="string"==typeof t.data,o={};if(e)try{o=JSON.parse(t.data)}catch(t){}else o=t.data;var n="object"===_typeof(o)&&null!==o?o.__tcfapiCall:null;n&&window.__tcfapi(n.command,n.version,(function(o,r){var a={__tcfapiReturn:{returnValue:o,success:r,callId:n.callId}};t&&t.source&&t.source.postMessage&&t.source.postMessage(e?JSON.stringify(a):a,"*")}),n.parameter)}),!1))};"undefined"!=typeof module?module.exports=t:t()}();
</script>Web scripts
| Question | Answer |
| Do I need to upgrade or change my web scripts to accommodate IAB GDPR TCF v2.2? | There is no need to upgrade or otherwise change your web scripts. |
Apps Supportability
Campaign migration checklist
In this section, we have broken down the components/entities that need to be updated and reviewed within the Sourcepoint portal before relaunching a campaign on a property for IAB GDPR TCF v2.2:
- Vendor lists
- Privacy managers
- First layer messages
- On-page privacy manager links
- Reconsents
- Campaigns
Note: The migration checklist is organized in sequential order. Most notably, your organization will need to complete the action items and successfully save your vendor lists so that it is updated to GDPR TCF v2.2 before updating your privacy managers, first layer messages, etc...
Vendor lists
- Legitimate interest is no longer an acceptable legal basis for purpose 3, 4, 5, and 6. Update the legal basis for any of these purposes if legitimate interest is used.
- Review and edit any vendors that have amended their legal bases from GVL 2 to GVL 3.
- Review vendors utilizing purpose 11 (Use limited data to select content), a new purpose in IAB GDPR TCF v2.2), and set allowed legal bases.
- Review illustrations (formerly legal descriptions) and add any supplementary illustrations (new) for each purpose.
Note: Sourcepoint has designed a method to support vendors who have not yet migrated to the Global Vendor List 3 (GVL 3) for the duration of Sourcepoint’s client transition period to IAB TCF v2.2. That is, up until the 20th November 2023 deadline, if a vendor is on GVL 2 and not yet on GVL 3 we will continue to expose them as an IAB vendor in our APIs.
Privacy managers
- Review per-purpose vendor counts.
- Review the changes to names, descriptions and illustrations relating to purposes.
- Review the vendor section displaying new fields for data categories, legitimate interest disclosures, and per-purpose retention periods.
- Review the default copy and add translations (if necessary) to the following fields under the Vendor Content tab for the PrivacyManagerTCFv2, PMTCFv2Inline, or PMTCFv2InlineNeutral component:
- Purpose Title
- Purpose Table Header
- Retention Table Header
- Privacy Policy Legitimate Interest URL Title
- Categories of Data Collected/Processed
First layer messages
- Add vendor list count widget to the description, picking whether to include the count of just IAB GVL vendors or all vendors. Click here for more information.
- Update pre-existing GDPR TCF first layer message account templates to include the vendor list count widget. Click here for more information.
- If your organization does not utilize the stack widget on the first layer message, you must update the stack language in the free-form text to reflect the addition of purpose 11.
On-page/application privacy manager links
- All properties must display an easily accessible link to resurface the privacy manager on all pages of the website or which is easily accessible in the menu of the application. If the link is currently only accessible via the privacy policy you will be required to change your implementations.
- Ensure that the privacy manager includes the option to withdraw consent / reject all.
Reconsents
- A reconsent is not required for end-users that have set consent preferences prior to the November 20, 2023 deadline. These consent strings are valid for 1 year as long as the cookie expiry is set to 365 days.
- A reconsent is likely required if your organization utilizes either the legal basis change or vendor list additions consent gate scenario conditions.
Campaigns
- Review above changes and refresh campaign.
Resources
Find additional information about IAB GDPR TCF v2.2 in the links below:
- Sourcepoint blog: Everything you need to know about TCF v2.2
- IAB announcement: TCF 2.2 Launches! All You Need to Know
Follow IAB GDPR TCF v2.2 - Transition readiness
We strongly encourage all clients to follow this article in order to receive updates of how Sourcepoint is supporting your organization's transition from IAB GDPR TCF v2 to v2.2.
We will regularly update this article with comments as our support for the transition evolves. By following this article, you will receive email notifications whenever these comments are posted.
Note: Only users with approved and valid Sourcepoint credentials can subscribe to articles in our help center. If your organization uses an email alias to forward emails to a group of internal users, you will need to create a Sourcepoint user account for that email address and follow the steps below using those credentials.
Click the + Follow button at the top of the page to follow the article.
Comments
5 comments