GDPR (TCF 2.0)

The Interactive Advertising Bureau (IAB) Transparency and Consent Framework (TCF) 2.0 is effective as of Apr 1st, 2020. The TCF allows businesses to operate in a compliant way under the GDPR by providing a standard format to collect and communicate user consent signals to process their personal information. Feedback from EEA regulators on the initial version led the IAB to develop a more detailed set of specific signals. For more information on the TCF, see TCF 2.0 on the IAB Europe website.

How Index Exchange supports GDPR

Index supports TCF version 2.0.

Note: Index no longer supports TCF version 1.1.


Work with your Consent Management Platform (CMP) in order to ensure your integration supports TCF version 2.0.

IX Library Partners

The IX Library will automatically communicate with your CMP to get and share the consent string with all certified adapters in your IX Library.


Index passes the consent string for TCF 2.0 in the user.ext.consent field in the user extension object of a bid request.

How Index reacts in opt-out cases

When Index determines that an ad request is for a user who has not provided consent, we anonymize certain user information in the bid request sent to our DSPs in the following ways:

  • ip (in the device object): The last octet (IPv4) or two last bytes (IPv6) of the user’s IP address are replaced with a zero(s).
  • lat and lon (in the geo object): Latitude and longitude coordinates are reduced to two decimals which translates to accuracy no less than one third of a mile.
  • All unique IDs from the bid request in the device and user objects that indirectly identify a user are removed.
  • deals (in the pmp object): Audience segment targeted deal IDs are no longer added to the bid request.

For more information about the above bid request fields, see the object descriptions in List of supported OpenRTB bid request fields.