To support publishers, technology vendors and advertisers in meeting the transparency and user consent requirements of the GDPR and ePrivacy Directive, IAB Europe (Interactive Advertising Bureau) has created the GDPR Transparency and Consent Framework (TCF v2.0).
As the framework is widely supported by the online advertising industry, Cookiebot is registered and certified with IAB as a consent management provider (CMP id 134) and has adopted the framework as an optional supplement to the core consent framework already included in the Cookiebot solution. The integration also covers Google's "Additional Consent Mode" (Google AC) as a bridge for vendors who are not yet registered on the IAB Europe Global Vendor List (GVL).
IAB’s consent model is fundamentally different from Cookiebot’s core consent model. In general, IAB’s model puts control in the hands of advertisers and vendors by signaling the user's consent to advertising vendors, whereas Cookiebot can block non-consented vendors and thereby gives control to the publisher, who is liable for all tracking performed by third parties on the publisher’s website. Nevertheless, the two consent models can co-exist on a single website.
With version 2 of TCF, IAB have introduced strict policies on the wording and configuration of the cookie consent banner. When using the Cookiebot integration with IAB TCF, a standard and non-editable, IAB-certified message will be displayed in your banner before the text that you have defined in the Cookiebot Manager. Read more about the standard message and auto-configuration of the banner here: https://support.cookiebot.com/hc/en-us/articles/360015693200.
Also an extra panel with the title "Ad Settings" will automatically be available to the end user on the cookie banner's details-layer:
To ensure that vendors honor the user’s consent, Cookiebot’s scanner monitors all cookies and similar trackers used on the website. If an IAB-vendor does not honor the user’s consent, cookies set by the vendor will be marked up in the scan report with “Prior consent enabled: No”.
Enabling the IAB framework with Cookiebot is straightforward: Just add the attribute “data-framework” to your existing Cookiebot tag with the value “IAB”, e.g.:
If you are using Cookiebot with a tag manager, e.g. Google Tag Manager (GTM), which automatically strips all attributes but "src" from the script tag, you can enable the IAB framework by including the URL query "framework=IAB" in the tag src-attribute, e.g. "https://consent.cookiebot.com/uc.js?cdid=00000000-0000-0000-0000-000000000000&framework=IAB".
If you are using the standard Cookiebot template from the GTM Gallery, all you need to do is to check the "Enable IAB Transparency and Consent Framework" option to enable TCF on your site.
From there, Cookiebot will automatically signal consent to any vendor using the IAB framework on your website.
<script id="CookiebotConfiguration" type="application/json" data-cookieconsent="ignore">
"AllowedVendors": [2, 6, 8],
Google Additional Consent Mode
For IAB Vendors
__tcfapi('getTCData', 2, (tcData, success) => success && console.log(tcData));
__tcfapi('addEventListener', 2, (tcData, success) => success && console.log(tcData));
The Google AC string is included in the tcData object with the property name "addtlConsent" as suggested by Google on https://support.google.com/admanager/answer/9681920.