Adding support for TCF 2.0

[adamdunnage]

Feature Description

A user in the support forum has asked about support for TCF 2.0. The Transparency and Consent Framework is a GDPR solution which already seems to be supported by several Google products including Analytics and AdSense.

This will need further investigation into how widely this is supported across Google products and if we should adopt this into Site Kit and it's modules. Consideration also needs to be made for new modules and if this will be supported for them.

Related support topic: https://wordpress.org/support/topic/tcf-v2-0-compatibility/

---

Acceptance criteria

Implementation Brief

Test Coverage

QA Brief

Changelog entry

[webdados]

Just to have the information all here, the reason for this is that in the EU you are obliged by law to request consent before serving 3rd party scripts which will have, of course, their own cookies.

For example in Analytics, you are firing it immediately on page load, even if a consent platform (like Quantcast Choice) is installed and the user rejects analytics cookies.

I've done this on my own Analytics implementation: https://gist.github.com/webdados/ffad958d53af0371e8c36a0fc3ede1ea It's probably not the best way to do it, but that's how I managed to achieve it. I'm sure Google engineers will come up with a far better and more solid solution.

Again, this is a legal issue.

[yogeshbeniwal]

From January 16 2024, Google will enforce to require partners using publisher products — Google AdSense, Ad Manager, or AdMob — to use a certified CMP that integrates with IAB Europe’s Transparency and Consent Framework (TCF) when serving ads to users in the European Economic Area (EEA) or the UK.

Once enforcement begins, if you send Google an ad request for EEA or UK traffic, and it does not use a TCF-certified CMP (Ad Manager, AdMob, AdSense) personalized and non-personalized ads will no longer be eligible to serve. Instead, only Limited ads will be eligible to serve on Ad Manager and AdMob and no ads will serve on AdSense.

[mxbclang]

@yogeshbeniwal Thanks for getting in touch! I saw your same comment on #4446, so addressing here.

We are aware of the upcoming requirement for partners using publisher products to use a certified CMP. Of the three products listed in your message, only one, AdSense, integrates with Site Kit. AdSense has its own certified CMP that meets these requirements. For the last several months, users who have AdSense connected in Site Kit have been receiving a warning at the top of the Site Kit dashboard that prompts them to go to AdSense and confirm that either they will create their own message via a certified CMP or they would like AdSense to do so on their behalf:

More details are available in this guide.

As a result, at this time, no further action is needed on the Site Kit side, and we do not currently have plans to integrate TCF 2.0 directly within Site Kit. If that changes, we'll update this issue.

Let us know if you have any other questions!

[yogeshbeniwal]

Thanks @bethanylang. Site Kit does integrate another Google products like analytics which also need to be integrated with TCF.

[mxbclang]

Hi @yogeshbeniwal! Based on our conversations with the Analytics team, we're not aware of any necessary additions right now that would be required to make Analytics TCF-compliant within Site Kit. That said, we are speaking with them regarding possibly helping Analytics with DMA compliance in Site Kit.

[tofumatt]

Because there are no plans to integrate TCF into Site Kit at this time, I'm going to close this issue for now as part of issue triage.

We can either re-open this issue or open a new one when/if we plan to add support for TCF 2.0 into Site Kit.