Transparency and Consent Management Platform” (“Consent Management Platform”, or “CMP”) means the company or organization that centralises and manages transparency for, and consent and objections of the end user. The CMP can read and update the Legal Basis status of Vendors on the GVL, and acts as an intermediary between a Publisher, an end user, and Vendors to provide transparency, help Vendors and Publishers establish Legal Bases for processing, acquire user consent as needed and manage user objections, and communicate Legal Basis, consent or and/or objection status to the ecosystem. A CMP may be the party that surfaces, usually on behalf of the publisher, the UI to a user, though that may also be another party. CMPs may be private or commercial. A private CMP means a Publisher that implements its own CMP for its own purposes. A commercial CMP offers CMP services to other parties. Unless specifically noted otherwise, these policies apply to both private and commercial CMPs.
i. The Transparency and Consent Framework consists of a set of technical specifications and policies to which publishers, advertisers, technology providers, and others for whom the Framework is of interest may voluntarily choose to adhere.
ii. The goal of the Framework is to help players in the online ecosystem meet certain
requirements of the ePrivacy Directive (and by extension its successor, the upcoming ePrivacy Regulation), and General Data Protection Regulation by providing a way of informing users about inter alia the storing and/or accessing of information on their devices, the fact that their personal data is processed, the purposes for which their personal data is processed, the companies that are seeking to process their personal data for these purposes, providing users with choice about the same, and signalling to third parties inter alia which information has been disclosed to users and what users’ choices are.
iii. Achieving the goals of the Framework requires standardisation of technology, for example of how information is disclosed or how user choices are stored and signalled to participants. It also requires standardising certain information provided to users, choices given to users, behaviours that participants engage in when interacting with users or responding to requests between participants.
iv. The Framework is not intended nor has it been designed to facilitate the lawful processing of special categories of personal data, data relating to criminal convictions, or engaging in certain more strictly regulated processing activities, such as transferring personal data outside of the EU, or taking automated decisions, including profiling, that produce legal or similarly significant effects, for which the law requires meeting additional requirements such as obtaining explicit consent.
v. While participation in the Framework may be a useful, indeed essential building block for the online ecosystem’s compliance with EU privacy and data protection law it is not a substitute for individual participants taking responsibility for their obligations under the law.
vi. The Framework is intended to be updated over time as legislation is updated (e.g. with the upcoming ePrivacy Regulation replacing the ePrivacy Directive), and legal requirements, regulatory practice, business practices, business needs and other relevant factors change.
Source: IAB Europe