To support publishers, technology vendors and advertisers in meeting the transparency and user consent requirements of the GDPR and ePrivacy Directive, IAB Europe (Interactive Advertising Bureau) has created the GDPR Transparency and Consent Framework (TCF v2.0).
As the framework is widely supported by the online advertising industry, Cookiebot is registered and certified with IAB as a consent management provider (CMP id 134) and has adopted the framework as an optional supplement to the core consent framework already included in the Cookiebot solution. The integration also covers Google's "Additional Consent Mode" (Google AC) as a bridge for vendors who are not yet registered on the IAB Europe Global Vendor List (GVL).
IAB’s consent model is fundamentally different from Cookiebot’s core consent model. In general, IAB’s model puts control in the hands of advertisers and vendors by signaling the user's consent to advertising vendors, whereas Cookiebot can block non-consented vendors and thereby gives control to the publisher, who is liable for all tracking performed by third parties on the publisher’s website. Nevertheless, the two consent models can co-exist on a single website.
With version 2 of TCF, IAB have introduced strict policies on the wording and configuration of the cookie consent banner. When using the Cookiebot integration with IAB TCF, a standard, non-editable, IAB-certified message will be displayed in your banner before the text that you have defined in the Cookiebot Manager. Read more about the standard message and auto-configuration of the banner here: https://support.cookiebot.com/hc/en-us/articles/360015693200.
An extra panel with the title "Ad Settings" will automatically be available to the end user on the cookie banner:
To ensure that vendors honor the user’s consent, Cookiebot’s scanner monitors all cookies and similar trackers used on the website. If an IAB-vendor does not honor the user’s consent, cookies set by the vendor will be marked up in the scan report with “Prior consent enabled: No”.
Enabling the IAB framework with Cookiebot is straightforward: Just add the attribute “data-framework” to your existing Cookiebot tag with the value “IAB”, e.g.:
If you are using Cookiebot with a tag manager, e.g. Google Tag Manager (GTM), which automatically strips all attributes but "src" from the script tag, you can enable the IAB framework by including the URL query "framework=IAB" in the tag src-attribute, e.g. "https://consent.cookiebot.com/uc.js?cdid=00000000-0000-0000-0000-000000000000&framework=IAB".
If you are using the standard Cookiebot template from the GTM Gallery, you need to check the "Enable IAB Transparency and Consent Framework" option to enable TCF on your site.
You will also need to add the following line of code above your global site tag or Google Tag Manager snippet on all pages where you have Google Ads tags:
From there, Cookiebot will automatically signal consent to any vendor using the IAB framework on your website.
Google Additional Consent Mode
Google AC Vendors can be selected in the array "AllowedGoogleACVendors" as described above and will be added to the end of the existing IAB partner list in a separate section.
For IAB Vendors
This means that vendors can read out the user's consent state from the tcData object and string when Cookiebot is loaded and exposes the stub function "__tcfapi":
To respond to changes in the user's consent state, vendors may subscribe a callback function to an event listener:
The Google AC string is included in the tcData object with the property name "addtlConsent" as suggested by Google on https://support.google.com/admanager/answer/9681920.