On May 25th, 2018, the new EU data protection regulatory framework – the General Data Protection Regulation ("[GDPR](🔗)") – came into effect.
Taboola takes considerable efforts to ensure that its privacy practices comply with data protection laws and the industry's best practices.
If you need to pass the user's consent status to Taboola, you have two options to do so:
Implement your own/3rd party CMP
Pass the consent status directly to Taboola
Please choose one of the options according to the following instructions:
## Working with a CMP (IAB consent framework)
### TCFv1 Support
Taboola added support for the IAB consent framework (TCFv1) in Android SDK version **2.2.3**. Please make sure you are using this SDK version or above.
### TCFv2 Support
Taboola added support for the IAB Transparency and Consent Framework v2.0 (TCFv2) in Android SDK version **2.6.0**. Please make sure you are using this SDK version or above.
If we do not receive a valid consent signal, **Taboola** will serve contextual recommendations only, _without_ the use of personal data.
This can happen if Taboola SDK loads _before_ your CMP renders.
To ensure best performance with personalized recommendations, make sure that your CMP script loads _as early as possible_.
## Passing consent status directly to Taboola SDK
It is possible to forward the consent status to Taboola SDK (on any SDK 2.x version) on each time the widget/feed is initialized using a dedicated flag - `
cex`. The consent boolean value (in string format) should be passed on each SDK session.
By default, the value of this flag is set to "true" - allowing Taboola to use the user's data. Please use the flag only when the end-user is GDPR subject and set it to "true" (user provided consent), or "false" (user didn't provide consent). It is recommended to place these lines alongside the other settings, such as publisher name, etc
If you're using "user_opt_out" key to indicate consent/no-consent, please replace it with the "cex" flag