Really-Simple-Plugins / complianz-gdpr

Complianz Privacy Suite (GDPR/CCPA)
https://complianz.io

Going through the requirements from Google. #401

Closed paaljoachim closed 1 year ago

paaljoachim commented 1 year ago

The big question that comes up... Going through the wizard in the free/premium version, will this cover the needs that Google and others will add?

As there is a list of requirements, I will once again use the email I received from Google. From this issue: https://github.com/Really-Simple-Plugins/complianz-gdpr/issues/398

The EU User Consent Policy outlines your responsibility as a user of our ad technology to:

  • Obtain EEA along with UK end users’ consent to:
    ○ the use of cookies or other local storage where legally required; and
    ○ the collection, sharing, and use of personal data for personalization of ads.
  • Identify each party that may collect, receive or use end users’ personal data as a consequence of your use of a Google product.
  • Provide end users with prominent and easily accessible information about those parties’ use of personal data.

The requirements list will vary depending on the site: whether it is a personal site, an organization or an eCommerce site, and also the location of the site and the target audience. Which means that at the beginning of the wizard it should perhaps start with a scan of the site to see what kinds of plugins, scripts etc. are used, and then ask what kind of site it is. Based on the scan and on asking the user, it would be helpful to have Complianz know the requirements for a specific type of site. Then help the user with a mix of automatic steps as well as user interaction to get the requirements covered. At the end of the wizard the requirements could be listed, showing that Complianz has taken care of the needed requirements, as it would give reassurance that it has been taken care of.

AertHulsebos commented 1 year ago

Hi @paaljoachim,

Let's start and see where questions might arise, or specific configurations needed for your clients.

  1. We will only talk about the current requirements, these will change later this year, but Complianz will cover these when needed.
  2. The EU User Consent Policy is currently covered by TCF. Google partnered with IAB Europe for this framework specifically and later this year, Google will only listen to TCF CMP's when using Google Advertising Products.
  3. By definition then, a properly configured TCF CMP covers the EU User Consent Policy.

Now for configuration;

  1. Complianz translates user settings when TCF is configured for both the TCF API, and all remaining consent management requirements, this includes a banner with required legal texts, default categories and a vendor list with options and required actions. This in contrast to Google's own Adsense consent tooling, or other TCF only cloud solutions.
  2. For TCF, Complianz handles consent and provides a function __tcfapi(command, version, callback, parameter). This then provides an object (TCData) with all settings that are applied to that user. This is where Complianz stops. We do not load ads for example, we only provide the tools needed for the Vendors, including Google to show ads based on user preferences.
  3. Configuring your Ads to listen to TCF is either out-of-the-box, because Vendors listen to the API (if you're using gtag.js you might want to add window['gtag_enable_tcf_support'] = true to your gtag.js; for example when using Sitekit and automatically inserted ads by Google Adsense), or you can use a plugin like Ad Inserter or Advanced Ads, which listen to TCF and where you can configure the placements, and much more, in the plugin.

As this is standardized for publishers, vendors and CMP's, most configurations will work out-of-the-box. Heavily modified, or intrinsic and conditional websites that optimize manually for vendors, bidding etc., instead of letting Adsense handle optimization for revenue, might want to use the __tcfapi themselves for this purpose. (I have not seen any thus far.)

In the wizard, under Consent TCF - we chose to show the categories of data sharing, not the vendors. The default is workable for Google, and 99% of vendors. The reasoning is that you can configure vendors in Adsense or AdManager for example, but you can't easily configure your own privacy standards. One we exclude by default, and what will be implemented by TCF as well, is removing vendors that rely on legitimate interest, without proper foundation.

Sometimes we see hybrid solutions, with different implementations, or affiliates that need a TCF string in a URL or iFrame, etc - these are assisted by our support team.

Leave any questions if you want; if you want to work on a specific site together, please use our support team at support@complianz.io, I will let them know that I will assist.
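The comment above describes the boundary Complianz draws: it exposes __tcfapi(command, version, callback, parameter) and hands back a TCData object, and anything that loads a vendor script has to read that object itself. The following is an added example, not Complianz code or anything from this thread, of what a site owner's own consent gate looks like: it subscribes to the CMP with the standard TCF v2 'addEventListener' command, waits until the user's decision is final, and only then reports whether a vendor's script may load. The vendor id 755 (Google Advertising Products in the IAB Global Vendor List) and purpose 1 ("store and/or access information on a device") are assumptions made for the example; the makeMockTcfApi stand-in is constructed so the block runs outside a browser, where Complianz would provide window.__tcfapi.

```javascript
// Added example, not Complianz code: gate a vendor script on the TCData that
// __tcfapi(command, version, callback, parameter) hands back.
// Assumed values: vendor 755 (Google Advertising Products), purpose 1.
const GOOGLE_VENDOR_ID = 755;
const REQUIRED_PURPOSES = [1];

// Pure check over a TCData object. gdprApplies === false means the user is
// outside the regime and nothing needs gating; otherwise the decision must be
// final (tcloaded or useractioncomplete) and every required purpose plus the
// vendor itself must carry explicit consent. The reason string explains refusals.
function evaluateConsent(tcData, vendorId, purposeIds) {
  if (!tcData) return { load: false, reason: 'no-tcdata' };
  if (tcData.gdprApplies === false) return { load: true, reason: 'gdpr-not-applicable' };
  const finalStates = ['tcloaded', 'useractioncomplete'];
  if (!finalStates.includes(tcData.eventStatus)) {
    return { load: false, reason: 'consent-not-final' };
  }
  const purposes = (tcData.purpose && tcData.purpose.consents) || {};
  const vendors = (tcData.vendor && tcData.vendor.consents) || {};
  const missing = purposeIds.filter((p) => purposes[p] !== true);
  if (missing.length) return { load: false, reason: 'purpose-denied:' + missing.join(',') };
  if (vendors[vendorId] !== true) return { load: false, reason: 'vendor-denied:' + vendorId };
  return { load: true, reason: 'consented' };
}

// Subscribe to the CMP and resolve once a final decision is available.
// The callback may fire several times (e.g. while the banner is shown), so
// intermediate states are ignored rather than treated as a denial.
function waitForTcfDecision(tcfapi, vendorId, purposeIds) {
  return new Promise((resolve) => {
    tcfapi('addEventListener', 2, (tcData, success) => {
      if (!success) return resolve({ load: false, reason: 'cmp-error' });
      const verdict = evaluateConsent(tcData, vendorId, purposeIds);
      if (verdict.reason !== 'consent-not-final') resolve(verdict);
    });
  });
}

// Constructed stand-in for a CMP so the example runs under Node. In a browser
// you would pass window.__tcfapi instead.
function makeMockTcfApi(tcData) {
  return (command, version, callback) => {
    if (command === 'addEventListener' && version === 2) callback(tcData, true);
    else callback(null, false);
  };
}

// Constructed sample TCData: GDPR applies, the user finished the banner and
// consented to purpose 1 and vendor 755.
const sampleTcData = {
  gdprApplies: true,
  eventStatus: 'useractioncomplete',
  tcString: 'constructed-placeholder',
  purpose: { consents: { 1: true } },
  vendor: { consents: { 755: true } },
};

waitForTcfDecision(makeMockTcfApi(sampleTcData), GOOGLE_VENDOR_ID, REQUIRED_PURPOSES)
  .then((verdict) => {
    // Only now would a real page inject the vendor's script tag.
    console.log('vendor script may load:', verdict.load, '(' + verdict.reason + ')');
  });
```

The point of keeping evaluateConsent pure is that it can be unit-tested against recorded TCData objects, and that the loading decision is driven by the CMP's eventStatus rather than by a timeout: a script that fires before 'useractioncomplete' is exactly the consent-before-load failure the Google policy quoted earlier is about.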

paaljoachim commented 1 year ago

Hi Aert.

In general this is knowledge which goes above my head and is not so easy to grasp and to bring it down from the abstract into practical steps I need to take. I have gone through the wizard and added the various documents. I will email support to hear what other practical steps are needed. Thank you.

AertHulsebos commented 1 year ago

Hi @paaljoachim,

Sure, which is logical. This is the route 99% takes:

  1. Install TCF to comply with Consent Policies laid out by TCF and Vendors, like Google
  2. It works out-of-the-box. Or specific questions arise (5% of the time).
  3. Support will help you out in 24 hours.

I'll keep an eye out.

paaljoachim commented 1 year ago

Great!

Which means this information page: https://complianz.io/tcf-for-wordpress/