TCF 2.2


Lotame enforces a Strict Consent policy for the EEU region for ALL clients (platform, data providers, sync channels, etc). This enforcement is only on requests coming in client-side. TCF is IAB’s industry-wide framework to allow publishers to share consent with all ad tech vendors they work with. By default, every client's consent policy will be to have consent be strict for countries under GDPR jurisdiction, and implicit for those outside. TCF will also be enabled for GDPR jurisdiction, but is optional outside of it.

Viewing/Updating policy via the API

The changes may be executed by the API. A few endpoints control this and they are relatively simple to work with:

Check Current Consent Policy

GET /clients/{client_id}/consentPolicy

This endpoint is for checking a client's current consent policy. The endpoint only requires a client ID be provided, and will return the current configuration for just the given client. If a policy is not returned, one has not been set.

Create Consent Policy

PUT /clients/{client_id}/consentPolicy/{consent_policy_type}/tcfEnabled/{tcf_enabled}/usPrivacyEnabled/{us_privacy_enabled}

This endpoint is for creating consent policies. It will override any existing policy when executed. It will only allow for creation of policies with "GLOBAL_STRICT" or "EEU_STRICT_NONEEU_IMPLICIT".

Remove Consent Policy

DELETE /clients/{client_id}/consentPolicy

This endpoint will remove consent policies, which is not advised currently, except when specifically authorized. 

Some important notes: 

  • A child / publisher client will also be held to the consent configuration of its Owner network if it does not have a policy of its own.

  • An account with no policy also will be subject to TCF requirements for GDPR controlled areas as a fallback, unless they are on the exclusion list. But a policy on an owner parent will still override the exclusion.