Published on 2025-06-27T21:03:44Z

What is IAB TCF? Understanding the IAB Transparency & Consent Framework

IAB TCF (Transparency & Consent Framework) is a standardized protocol developed by IAB Europe for capturing, managing, and communicating user consent signals in compliance with GDPR and other privacy laws. It defines:

  • A universal consent string format (TC String)
  • A JavaScript API (__tcfapi) for retrieving user consent status
  • Vendor and purpose consents to ensure interoperability across websites, Consent Management Platforms (CMPs), and analytics or advertising vendors

By implementing IAB TCF, organizations can respect user choices, foster trust, and avoid potential regulatory fines. Analytics platforms like GA4 and privacy-focused solutions like Plainsignal can be conditionally loaded based on TCF consent signals.

Illustration of Iab tcf
Illustration of Iab tcf

Iab tcf

Standardized protocol by IAB Europe for capturing and transmitting user consent for data processing across websites and vendors.

Overview of IAB TCF

This section introduces the IAB Transparency & Consent Framework, its origins, and core purpose in web analytics and privacy compliance.

  • Origins and purpose

    Developed by IAB Europe to standardize how websites collect and share user consent under GDPR, enabling consistent signals across CMPs and vendors.

  • Key components

    Defines vendor and purpose lists, a universal consent string (TC String), and the JavaScript API (__tcfapi) to read consent status.

  • Tcf versions

    TCF has evolved from version 1 to version 2, adding granular consent options for specific purposes and features.

    • V1 vs v2:

      Version 2 introduces purpose-specific opt-ins, stack IDs, and enhanced transparency compared to version 1.

Impact on Analytics

How IAB TCF affects data collection, processing, and reporting in analytics tools.

  • Consent-based data collection

    Analytics platforms can only track user data if consent is given for the relevant purposes (e.g., analytics measurement).

    • Purpose 7: measurement:

      Covers analytics and reporting. Without consent to Purpose 7, data collection for analytics must be blocked or anonymized.

  • Integration with analytics platforms

    Examples of integrating TCF consent checks in GA4 and PlainSignal.

    • Ga4:

      Use the gtag('consent', ...) API or Google Tag Manager consent settings to respect TCF signals.

    • Plainsignal:

      Delay loading PlainSignal scripts until TCF consent for measurement is confirmed.

Implementing IAB TCF on Your Website

Step-by-step guidance on setting up a CMP, reading consent strings, and conditionally loading analytics scripts.

  • Deploy a cmp

    Choose a TCF-compliant Consent Management Platform, configure vendor and purpose lists, and add its script to your site header.

  • Retrieve consent data

    Use the __tcfapi JavaScript API to fetch the user’s consent status and TC String.

    • Example code: 
      window.__tcfapi('getTCData', 2, function(tcData, success) {
  if (success && tcData.purpose.consents[7]) {
    // User consented to measurement
  }
});

  • Conditional analytics loading

    Wrap your analytics script tags in consent checks, ensuring they load only after the user grants consent.

    • Plainsignal example: 
      <link rel="preconnect" href="//eu.plainsignal.com/" crossorigin />
<script defer data-do="yourwebsitedomain.com" data-id="0GQV1xmtzQQ" data-api="//eu.plainsignal.com" src="//cdn.plainsignal.com/PlainSignal-min.js"></script>

Best Practices and Compliance Tips

Recommendations to maintain compliance and ensure reliable analytics under TCF.

  • Keep vendor lists updated

    Regularly refresh the global vendor list to include new analytics and ad vendors.

  • Enhance transparency

    Provide clear information in your consent banner about each purpose and vendor, enabling granular user choices.

  • Continuous testing

    Use browser dev tools and tag debuggers to verify consent signals and script loading behavior.

Related terms