A significant update in TCF v2.2 is the change in how certain types of data are handled. Previously, companies could use “legitimate interest” or “consent” as reasons to personalize ads and content. However, with TCF v2.2, “legitimate interest” can no longer be used for some of these purposes. Instead, companies must obtain clear “consent” from users. This gives users more control over their personal data, including the power to say “no” to processing data for these purposes based on legitimate interest, thereby easily exercising their “Right to Object”.
TCF v2.2 also mandates improved user-friendly descriptions regarding purposes and features, as well as additional information on vendors, including categories of data collected, retention periods, and whether legitimate interest applies.
Furthermore, TCF v2.2 introduces a new reason for using personal data: ‘Ensure security, prevent fraud, and debug’. This is a special case where users don’t get to choose whether their data can be used for these purposes. Instead, the companies using the data (known as vendors) must state their legal reason for doing so. This means that for these specific purposes, the vendors don’t necessarily need to ask users for permission to use their data.