We invited Božo Janković, Head of Ad Monetization at Gamebiz Consulting, to share his expert knowledge on the latest Google consent rules.  

In our post, we cover several important topics, including:

• What a CMP and TCF are
• When Google’s consent requirements will (actually) roll out fully
• Best practices for implementing a CMP, and important things to remember
• Additional tasks publishers need to do beyond integrating the CMP
• How to combine different consent pop-ups effectively

And there’s more! Let’s dive into the insightful conversation.

[ Roman from Tenjin ]: What has changed since January 16th 2024?

[ Božo ]: January 16th 2024 was the official deadline by which Google said they would start enforcing TCF. This means mobile apps that are showing ads to their users in the European Economic Area (EEA) and the UK, will require a TCF 2.2 compliant consent string for those users if the publisher wants to show Google ads to those users in these regions.

Unofficially, even though this unofficial deadline has not been disclosed publicly, we do have some information that the actual implementation of these requirements started only on Feb 1st, and will gradually be rolled out across the board by the end of February. So January 16th was the original deadline, but nothing changed in practice. 

This means that if a mobile app is not showing a CMP message, and not providing a consent string to Google by the end of February 2024, they will not be able to show ads to users in those regions.

[ Roman from Tenjin ]: What do the 2 abbreviations: CMP and TCF mean?

[ Božo ]: CMP stands for Consent Management Platform, and it is a tool that a developer can use to collect consent from their users that will be recognized by Google and other ad providers.

TCF is a consent mechanism or “consent standard” that has been introduced by the International Advertising Bureau (IAB) and which has a minimum requirement that needs to be met in order for consent to be considered valid under their terms. It is an attempt to have standardized consent across the industry. So Google is saying, you have to have this kind of consent in order to keep working with us in the EEA and UK. It can not be a simple true or false value, but needs to be a string value (TCF) which is recognized not only by Google, but other ad providers in the market.

It is also meant to standardize and simplify how publishers, who are in direct contact with their users, are able to collect that consent and how they pass it on to ad providers.

[ Roman from Tenjin ]: So if publishers and developers don’t implement this, they can basically say goodbye to getting ad revenue from users based in EEA and the UK, right?

[ Božo ]: Yes, exactly.

[ Roman from Tenjin ]: So the CMP would do all of the heavy-lifting now, right?

[ Božo ]: Yes and no. There are a few important aspects of implementation. The CMP is surfacing the message to users where they are asking users for consent. So the content of the message, and how technically everything works is part of the service you are getting from the CMP. 

However, there are some things that still need to be done on the developer’s side. For example, the integration of the CMP needs to be done from the developer’s side, because every CMP requires a software development kit (SDK) to be integrated into the code of the app –  and this is something only a developer can do. And aside from that, you as a developer still need to make some decisions. For example, which providers you will list in the CMP message, how you will handle other pop ups that you may have in your apps, like terms of service, privacy policy, and App Tracking Transparency (ATT) pop ups on iOS devices, as well as when you will surface this message. So even though the CMP as a service is delivering a lot of the things that need to be done, there are many things that need to be considered on the publisher’s side as well.

[ Roman from Tenjin ]: Even from the Tenjin side, we have seen the following use cases:

1. Whenever a user opts out, the developers do not initialize the Tenjin SDK at all
2. Tenjin helps pass the consent back to Google so they could know how to target a user

[ Božo ]: Right. So apart from ad monetization, which is partially already affected and will be fully affected by the end of February 2024, we are also going to see an impact on user acquisition. So all publishers that are doing specific types of Google campaigns, that are relying on tracking users post install, they would also need to provide consent in order for those users to be tracked. 

And if you choose to list your analytics tools in the CMP message, and depending on other settings of the CMP message such as whether or not you are relying on legitimate interests for certain purposes, this is where the complexity kicks in. How are you going to handle other tools apart from the ad monetization and user acquisition areas depending on whether the user gave consent or not, and so on. It’s not all black and white, it depends on the implementation as well.

[ Roman from Tenjin ]: From your experience, have you already noticed developers starting to treat EEA and non-EEA users in a different way?

[ Božo ]: We haven’t seen any changes in how ads are set up, or how users are being treated by developers. The only difference is that this CMP message, since it is only required by Google to show in those regions, the message is only being surfaced for users outside those regions. So for users outside the EEA and UK, nothing has really changed. So the flow, initially when you install the app, has remained the same.

Access the full interview in the video above.