To support publishers, technology vendors and advertisers in meeting the transparency and user consent requirements of the GDPR and ePrivacy Directive, IAB Europe (Interactive Advertising Bureau) has created the GDPR Transparency and Consent Framework.
As the framework is widely supported by the online advertising industry and an integration between Cookiebot and the IAB framework was requested by several Cookiebot users and resellers, Cookiebot is now registered with IAB as a consent management provider (CMP) and has adopted the framework as an optional supplement to the core consent framework already included in the Cookiebot solution.
Concept
IAB’s consent model is fundamentally different from Cookiebot’s core consent model. In general, IAB’s model puts control in the hands of advertisers and vendors by only signaling consent to vendors, whereas Cookiebot can block non-consented vendors and thereby gives control to the publisher, who is liable for all tracking performed by third parties on the publisher’s website. Nevertheless, the two consent models can co-exist on a single website when using Cookiebot.
When obtaining consent from end users, IAB’s framework proposes that each website user must submit a fine-grained consent with up to several hundred choices across different vendors and five purpose categories. To a website user the sheer number of choices might seem as an overwhelming and time-consuming task, so to reduce complexity and the impact on usability, Cookiebot reduces the number of choices to the four main purpose categories for cookies and trackers in Cookiebot’s core consent framework: Necessary, Preferences, Statistics and Marketing.
When using the Cookiebot integration with IAB, it is the user’s consent to the Marketing category of cookies and trackers given in the Cookiebot framework that will be signaled. So, if a website user opts out of Marketing cookies, the opt-out will be signaled to all vendors using the IAB framework on the publisher’s site across the five sub-categories defined in the IAB framework.
To ensure that vendors honor the user’s consent, Cookiebot’s scanner monitors all cookies and similar trackers used on the website. If a IAB-vendor does not honor the user’s consent, cookies set by the vendor will be marked up in the scan report with “Prior consent enabled: No”.
Implementation
Enabling the IAB framework with Cookiebot is straight forward: Just add the attribute “data-framework” to your existing Cookiebot tag with the value “IAB”, e.g.:
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="00000000-0000-0000-0000-000000000000" data-framework="IAB" type="text/javascript" async></script>
From there Cookiebot will automatically signal consent to any vendor using the IAB framework on your website.
Please note that Cookiebot as an IAB registered CMP is under the obligation to work only with publishers that are in full compliance with the IAB Framework policies. By activating the IAB framework in Cookiebot as described above, you confirm to comply with these policies.
Last updated: 3 August 2018
Comments
2 comments
Hi. One of my ad agencies ask me to provide a 'consent string' as described on https://blog.smartadserver.com/gdpr/gdpr-understanding-iab-europes-transparency-consent-framework/
Is there any way to get such a string from Cookiebot?
TIA,
I answer to myself: there is a forum post that address the issue I was asking for: https://support.cookiebot.com/hc/en-us/community/posts/360025082294-IAB-framework-consent-string-and-CookieBot
Please sign in to leave a comment.