GDPR and US Privacy State Laws

Overview

Taboola is committed to complying with data-protection laws and best practices, including support for TCF 2.2 (TCF Implementation Guidelines) for GDPR and GPP (Global Privacy Platform) for the different US Privacy State Laws.

As such, you need to implement the relevant flows for GDPR and CCPA. Full details are provided below.

🚧

If you skip this setup, Taboola might not be able to serve personalized recommendations.

GDPR

In order to provide personalized recommendations for visitors in the EU, you will need to comply with the GDPR.

2 flows are supported:

  1. (Preferred) Using a CMP (Consent Management Platform).
  2. Passing consent directly.

🚧

Implement 1 of the above flows (not both).

Flow I: Using a CMP (Preferred)

If your web page integrates with a CMP, Taboola will collect the consent automatically. No further action is required on your part.

🚧

Guidelines

Load your CMP script as early as possible (before Taboola content is fetched). Otherwise, Taboola might not be able to serve personalized recommendations.

Flow II: Passing consent directly

On each page, pass a cex flag, with a boolean value (as a String). Make sure to pass a new value for each new user session.

By default, the value of the cex flag is 'true', allowing Taboola to make use of the user's data.

If GDPR applies, set the flag accordingly (otherwise, take no action):

  • 'true' - end-user consented.
  • 'false' - end-user declined.

Example

Add the following line to the page <body>, as early as possible:

window._taboola = window._taboola || [];
_taboola.push({ cex: 'true' }); // User consented

🚧

The respective flows for GDPR and CCPA use 'true'and'false' in opposite ways.

US Privacy State Laws

In order to provide personalized recommendations for visitors in different US States Privacy Laws, you will need to comply with the different US Privacy State Laws.

2 flows are supported:

  1. (Preferred) IAB GPP Framework
  2. Passing consent directly.

📘

Implement 1 of the above flows (not both).

Flow I: Using the IAB GPP Framework (Preferred)

If your web page integrates with a GPP CMP, Taboola will collect the consent automatically. No further action is required on your part.

🚧

Guidelines

Load your CCPA script as early as possible (before Taboola content is fetched). Otherwise, Taboola might not be able to serve personalized recommendations.

Flow II: Passing consent directly

On each page, pass a cdns flag, with a boolean value (as a String). Make sure to pass a new value for each new user session.

You can set the flag with the following values:

  • 'true' - US Privacy State Law applies - and the end-user declined ("Do not sell" is true).
  • 'false' - US Privacy State Law applies - and the end-user consented ("Do not sell" is false).
  • 'none' - US Privacy State Law does not apply (default).

An example

Add the following line to the page <body>, as early as possible:

window._taboola = window._taboola || [];
_taboola.push({ cdns: 'false' }); // User consented

🚧

The respective flows for GDPR and US Privacy State Laws use 'true'and'false' in opposite ways.

💁🏻

Need a hand?

Go ahead! Ask a question in our Support Forum.