No matter which Consent Management Platform (CMP) you use, when you create a GDPR message using the IAB Europe TCF framework, you’re required to adhere to certain requirements as defined by the IAB Europe.
To adhere to TCF’s requirements, ensure that:
- The default state of each consent toggle in your GDPR message is set to 'no consent', 'no opt in' or 'off'. If you use Privacy & messaging to manage consent messages, this means that users who select 'Manage options' in the GDPR message see that each purpose is set to 'Do not consent'. To learn more, visit the IAB Europe’s Appendix B, Policy C(d).
- The text on the 'Consent' and 'Do not consent' options is not misleading. If you use Privacy & messaging to manage consent messages, when editing a message, don’t change the text on the 'Consent' button to 'Do not consent', for example.
Ads may not serve to users who don’t consent to certain purposes
Google and other ad serving systems may not be able to serve ads to users who don't consent to some or all of purposes. Learn more about the AdMob requirements, Ad Manager requirements and AdSense requirements for personalised and non-personalised ads serving.
What happens when users revoke consent
When your users attempt to make changes to their previously selected consent settings, they'll see that their 'Data purposes' have all been set to "Do not consent'. This happens because if a user chooses to revoke consent status, the GDPR message is displayed as if the user hadn't made any consent decisions.
