Legal bases

The term legal bases refers to the lawful purpose for processing of personal data, which can be found in Art. 6 GDPR and Art. 5 (3) ePD.

The IAB formed these legal requirements into the following own legal bases in their Transparency and Consent Framework (TCF):

Service-specific scope

User’s privacy settings apply only to the website where they were requested on.

Group-specific scope

Legal Bases apply to a pre-defined group of services (e.g. Digital Properties of one or more Publishers, each one allowing users to manage their consent across all of the group).

Global scope

Legal Basis applies across all publisher digital properties who implemented a CMP with global scope, which allows user to manage their consent globally across all publisher digital properties who chose the global scope. The consent choices and objections are binding for all parties involved in the global scope and the end user needs to be informed with whom his personal information will be shared. E.g. user object to certain purposes on one website, all other websites participating in the global scope need to respect that choice.

Out-of-band (OOB)

Legal Basis is not established using this Framework.