Non-IAB Vendors

These vendors are not part of the TCF and are not required to adhere to the policies and guidelines of the framework. As a site or app owner, you will need to decide which of these types of vendors to work with. Additionally, to provide users with transparency as required by the GDPR, you will need to manually input a description of each non-IAB TCF vendor and link to their privacy policy. See Non-IAB Vendor Configuration and Management for full instructions.

Key information to know before setting up non-IAB vendors: 

  • Non-IAB vendors are vendors who have not registered with IAB Europe and are not participating in the TCF and not following TCF policies. For example, Facebook. 
  • Vendors who registered with IAB and are participating in the TCF are listed in the Global vendor list which enables CMPs to create signals regarding them. Here is IAB Vendor List TCF v2.2. Read more about IAB’s definition of GVL here
  • Only TCF vendors will receive signals. Because non-IAB vendors are not listed in the Global Vendor List, it is not possible to create a signal to transmit to non-IAB vendors. 
  • Non-IAB support only enables publishers to show the vendor to the consumer and obtain a consumer's privacy preferences for that vendor, not the ability to transmit it in a standard way. 

Managing Non-IAB Vendors

When setting up your non-IAB vendors you need to consider a few things. You should consult with your legal team before proceeding to work with a vendor outside of the TCF.

  • By listing a non-IAB TCF vendor, you will be taking responsibility for the accuracy of the description you provide, and may be liable for inaccuracies
  • Do the vendors have a presence on your site, for example do their tags appear on a page you control?
  • You will need to control the firing of technology for these vendors using some form of tag management (e.g., Google Tag Manager (GTM) or Tealium). For implementation with GTM, view our GTM Implementation Guide.
  • Non-IAB TCF registered vendors do not receive a signal nor can they read the TCF signal without being registered with the Global Vendor List. In the absence of signals that allow you to control a vendor's behavior, you are responsible for ensuring the vendor's behavior is consistent with user preferences using some other mechanism. You may need to consider whether partial consents require you to prevent a non-IAB vendor from processing altogether if there is no signaling mechanism for partial consents.

Adding Non-IAB Vendors

  1. Click the Non-IAB Vendors tab. You will see the default screen.
  2. Click the Add a Vendor button at the top right or center of the page. When you click the button, you will see the following modal.

  3. You need to fill out the following information:
    Field What is this? Example Required?
    Vendor Name The name of the vendor that users will see listed in the non-IAB vendor section of your CMP. Use the official registered company name for the vendor. Acme Inc. Yes
    Vendor Description A description of the vendor to be displayed in your list. Acme is an ad tech company focused on providing brand lift studies for brands. Yes
    Vendor Privacy Policy The full path URL to the vendor’s privacy policy on their site. https://www.vendor.com/privacy_policy_link Yes
  4. Click the Purposes link to set the purposes and the legal basis this vendor relies on to operate technology on your site.

  5. Click the Save Vendor button.

Your newly created vendor will be added to your non-IAB vendors tab list in the portal and will appear in the CMP in the partner screen.

In the portal, the vendor will be given a non-IAB vendor ID which will correlate to their position in the non-IAB vendor cookie and the non-IAB vendor API. You will now need to manage these vendor technologies using the non-IAB APIs and/or cookie - instructions.

Note

We recommend adding non-IAB Vendors in batches if you are planning to add multiple non-IAB Vendors to your CMP for disclosure, in order to minimize the amount of times your users will be re-prompted on the site.

You have completed all the configuration options for the InMobi CMP and can apply the Universal tag to the site.

nonIABVendorConsent API

You need to use the nonIABVendorConsent API to gather user consent. Each vendor you specified is assigned an id and stored in the consent.nonIabVendorConsents object. Check each entry as needed for consent (true/false). Here is an example using a fictitious vendor "Non-IAB Company" with id 1 for which needs consent for purpose 1 and 3 to operate.

__tcfapi('getNonIABVendorConsents', 2, function(consent, success) { 
    // check consent for non-IAB vendor with id 1. Always check 
    // whether the callback returned success and GDPR applies
    if (   success 
        && consent.gdprApplies
        && consent.nonIabVendorConsents[1]
       ) {
        // Use getTCData to validate consent is given for the 
        // purposes declared in the configuration step
        __tcfapi('getTCData', 2, function(tcdata, success) {
          if (   success 
              && consent.gdprApplies) {
              if (   tcdata.purpose.consents[1]
                  && tcdata.purpose.consents[3]) {
                  nonIabCompanyTag(); // replace this with your own code
                  console.log("Debug: ", tcdata.purpose.consents[1],
                    tcdata.purpose.consents[3]);
              }
          }
        });
    }
});

You can make that call anywhere in your code where you need to check for consent for your non-IAB vendor you use on your page.

You also need to manually configure your Google tag(s) on your site to behave based on the consent preference made and on the product the user is using.

For NonIAB vendor API along with all other APIs, you can learn more here.

On This Page

Last Updated on: 13 Feb, 2024