In digital advertising, a TCF purpose is one of the standardized reasons a vendor can process your data under IAB Europe's Transparency and Consent Framework. The framework currently defines 11 purposes, 3 special purposes, and a set of features and special features.
What Is a TCF Purpose?
A TCF purpose is a defined reason for processing personal data that a vendor declares under IAB Europe's Transparency and Consent Framework (TCF). Each purpose carries its own legal basis of consent or legitimate interest. The vendor picks a legal basis per purpose, and the framework requires a cookie banner to give the visitor a real choice for each one. When a banner lists items like "store information on a device" or "measure advertising performance," it is showing you TCF purposes.
The word "purpose" here is doing precise legal work. It answers the question "why is this vendor processing my data?" with a single, standardized reason, not a vague catch-all. IAB Europe defines these purposes so every vendor on the Global Vendor List describes its data use the same way. No site has to invent its own banner language from scratch.
Purposes are not the only construct in the IAB Transparency and Consent Framework. The framework also defines special purposes (no user choice, covered next), features, and special features. A publisher can also register a custom purpose of its own, outside the 11 standard ones. Custom purposes carry no standardized cross-vendor meaning, though.
Purposes are one piece of the wider consent management picture a site has to handle, alongside cookie scanning, consent logging, and policy documentation.
Once a visitor makes a choice, that choice does not stay on one screen. It gets encoded in the TC String, a compact signal the CMP passes to every vendor on the page. Each vendor then knows exactly which purposes the visitor allowed.
The 11 TCF Purposes, Explained
IAB Europe's current Appendix A defines 11 standard purposes, each with a fixed standard name and a specified legal basis.
| # | Standard name | Legal basis |
|---|---|---|
| 1 | Store and/or access information on a device | Consent |
| 2 | Use limited data to select advertising | Consent or legitimate interest |
| 3 | Create profiles for personalised advertising | Consent |
| 4 | Use profiles to select personalised advertising | Consent |
| 5 | Create profiles to personalise content | Consent |
| 6 | Use profiles to select personalised content | Consent |
| 7 | Measure advertising performance | Consent or legitimate interest |
| 8 | Measure content performance | Consent or legitimate interest |
| 9 | Understand audiences through statistics or combinations of data from different sources | Consent or legitimate interest |
| 10 | Develop and improve services | Consent or legitimate interest |
| 11 | Use limited data to select content | Consent or legitimate interest |
These 11 names are IAB Europe's own standard text, published in the TCF Policies document. Every compliant CMP must display them as written, not paraphrased.
Purposes That Always Require Consent
Five purposes carry no legitimate-interest option, so a vendor must get an affirmative yes before processing under any of them.
- Purpose 1: stores or reads information on the visitor's device, such as a cookie or device ID.
- Purpose 3: builds a profile for personalized advertising from the visitor's activity.
- Purpose 4: selects which personalized ad to show using that profile.
- Purpose 5: builds a profile for personalizing content instead of ads.
- Purpose 6: selects which personalized content to show using that profile.
Purposes That Allow Consent or Legitimate Interest
Six purposes give the vendor a choice of legal basis, so the visitor can object to legitimate interest instead of granting or refusing consent outright.
- Purpose 2: selects a basic, non-personalized ad using contextual signals.
- Purpose 7: measures whether an ad was delivered and how it performed.
- Purpose 8: measures whether content was delivered and how it performed.
- Purpose 9: builds audience statistics by combining data across sources.
- Purpose 10: develops and improves the vendor's own products.
- Purpose 11: selects content using limited, non-profile data.
For these six, the vendor picks consent or legitimate interest, and the visitor keeps the right to object when the vendor chooses legitimate interest.
What Are TCF Special Purposes?
A special purpose is a data-processing reason for which the visitor gets no choice. IAB Europe treats it as necessary to run the framework itself, always under legitimate interest. IAB Europe's current Appendix A defines three: security and fraud prevention, technical ad and content delivery, and saving the visitor's own privacy choices.
- Special Purpose 1, "Ensure security, prevent and detect fraud, and fix errors", covers monitoring for and blocking abusive or fraudulent activity.
- Special Purpose 2, "Deliver and present advertising and content", covers the technical work of matching device and context signals. This is what makes an ad or piece of content actually render.
- Special Purpose 3, "Save and communicate privacy choices", covers storing and passing along the visitor's own consent decisions. That signal, encoded as something like the TC String, lets every vendor on the page respect the same choice.
Special Purpose 3 is newer than the other two. IAB Europe's changelog adds it in a 2024 amendment. The change gives the framework its own legal basis for handling the TC String once regulators treat that string as personal data. Older CMP documentation and older comparison articles online still describe only two special purposes. Those pages predate the amendment; they do not describe a different, still-current version of the framework.
TCF Features and Special Features
A feature is a technical mechanism that supports a purpose without giving the visitor a separate choice. A special feature carries its own required opt-in, off by default.
Features cover cross-vendor technical mechanics: matching data from separate sources, linking a visitor across devices, or reading device information that arrives automatically with the request. A vendor uses these mechanics to carry out purposes it has already declared a legal basis for. The feature itself does not need a separate consent toggle in the banner.
Special features work differently, because both existing ones touch sensitive signals:
- Special Feature 1, precise geolocation, covers location data accurate to within 500 meters, or latitude and longitude beyond two decimal places. A vendor cannot collect this without a dedicated opt-in.
- Special Feature 2, actively scanning device characteristics for identification, covers fingerprinting-style techniques that probe a device's hardware or software traits to build an identifier. Publishers report this one stays off by default in their CMP until someone deliberately turns it on.
Both special features require an explicit, separate opt-in from the visitor. A vendor cannot bundle either one into a general "accept all" without disclosing it distinctly.
Consent vs Legitimate Interest: The Legal Basis Behind Each Purpose
Consent means a vendor needs an affirmative yes before processing. Legitimate interest means processing can proceed by default unless the visitor objects. Under the current TCF purpose list, five purposes (1, 3, 4, 5, 6) allow consent only. The other six (2, 7, 8, 9, 10, 11) let the vendor choose between consent and legitimate interest. The visitor stays free to object to that choice.
This split is narrower than it used to be. A widely repeated online claim says legitimate interest was removed entirely in TCF v2.2. That overstates it. v2.2 removed legitimate interest specifically from the advertising and personalization purposes, 3 through 6. Those purposes build or use a profile from the visitor's activity, which is why they need an affirmative yes. Purposes 2 and 7 through 11 still allow either legal basis, covering mostly measurement, audience insight, and service improvement.
The distinction matters in practice. A vendor relying on legitimate interest for Purpose 9, for example, must still let the visitor object. A compliant banner surfaces that objection option per purpose, not as a single blanket toggle. This opt-in, object-or-accept mechanic is the same underlying model behind opt-in and opt-out consent generally, though US state laws apply it outside the TCF entirely.
Purposes vs Special Purposes vs Features vs Vendors: How They Differ
A purpose gives the visitor a choice and a vendor a legal basis. A special purpose and a feature carry no separate choice, while a special feature requires its own opt-in. A vendor is the company doing the processing, a separate axis from any of the other three.
| Construct | What it is | Does the visitor get a choice? |
|---|---|---|
| Purpose | A declared, standardized reason to process data | Yes, per purpose |
| Special Purpose | A framework-necessary reason (security, delivery, saving choices) | No, legitimate interest only |
| Feature | A technical mechanism supporting a declared purpose | No, no separate toggle |
| Special Feature | A sensitive mechanism (geolocation, device scanning) | Yes, separate opt-in required |
| Vendor | The company registered on the Global Vendor List doing the processing | Yes, but as its own separate consent |
The axis that trips up the most readers is purpose consent versus vendor consent. A visitor can allow Purpose 3 in general while still refusing consent to a specific vendor on the Global Vendor List, or the reverse. Allowing a purpose does not automatically allow every vendor that uses it. The banner has to record both axes; a vendor only processes data when both the relevant purpose and that vendor's own consent line up.
How Many TCF Purposes Are There? Version History
The current framework, TCF v2.3, carries forward the same 11 standard purposes that v2.2 established in 2023. Its own headline change is unrelated to the purpose count. TCF v1.1 launched with 5 purposes in April 2018. TCF v2.0 expanded to 12 purposes in August 2019. TCF v2.2, announced in May 2023, consolidated the list to 11 and rewrote several purpose names in plainer language. It also added data retention periods and removed legitimate interest as an option for Purposes 3 through 6.
TCF v2.3 was released in June 2025, with a vendor and CMP adoption deadline of 28 February 2026. That deadline has now passed, so v2.3 is the only valid state. A TC String issued without the mandatory Disclosed Vendors segment is now treated as invalid. That segment closes an ambiguity for vendors that declare special purposes without clearly disclosing which vendors they shared data with. Separately, in mid-2024, IAB Europe amended Appendix A to add Special Purpose 3. That amendment gives the framework its own legal basis for saving and communicating the visitor's privacy choices. Regulators now treat that signal as personal data.
Because v2.3 rolled out gradually and Special Purpose 3 predates it by roughly a year, some banners and reference pages online still reflect v2.2 defaults. Any such CMP that still omits the Disclosed Vendors segment is now non-compliant, not merely behind.
How Consently Handles IAB TCF Purposes
Consently is a consent management platform that surfaces the standard TCF purposes and special features directly in your banner, recording each visitor's choice per purpose. Because Consently supports IAB TCF, a visitor sees the standardized purpose names, not a paraphrase. Every accept, reject, or objection gets logged against that exact purpose.
IAB TCF support ships on every Consently plan, Basic through Enterprise, rather than sitting behind an upgrade. Your IAB TCF settings and your Google's Consent Mode settings configure separately, so turning one on does not silently change the other.
If your site runs no programmatic advertising, you can switch IAB TCF off entirely and rely on Consently's standard consent banner instead. Publishers who do need Google's own signals alongside TCF can set up Google Consent Mode v2 in the same dashboard. Start with Consently free to see how your current cookies map to these purposes.
FAQs
What is a TCF purpose in simple terms?
A TCF purpose is one of 11 standardized reasons IAB Europe lets a vendor process your data for. Each carries its own consent or legitimate-interest requirement.
How many purposes are in the IAB TCF?
The IAB TCF currently defines 11 standard purposes. It also defines 3 special purposes, which carry no user choice, separately from that 11-purpose count.
What is the difference between a purpose and a special purpose?
A purpose gives the visitor a choice and requires a declared legal basis. A special purpose gives no choice at all, because IAB Europe treats it as necessary for the framework to function, always under legitimate interest.
What is TCF Special Purpose 3?
Special Purpose 3, "Save and communicate privacy choices," is the newest of the three special purposes, added by IAB Europe in a 2024 amendment. It gives vendors a legal basis for storing and passing along a visitor's own consent decisions as a signal like the TC String. Regulators now treat that signal as personal data.
Which TCF purposes require consent?
Purposes 1, 3, 4, 5, and 6 always require consent, with no legitimate-interest option. The remaining six, Purposes 2 and 7 through 11, let the vendor choose consent or legitimate interest.
What is the difference between purpose consent and vendor consent?
Purpose consent covers a reason for processing data across the whole framework, while vendor consent covers one specific company. A visitor can allow a purpose in general while still refusing a specific vendor listed on the Global Vendor List.
Can I disable IAB TCF purposes if I don't run ads?
Yes. IAB TCF exists for programmatic advertising and ad-tech consent signaling. A site with no ad-tech vendors can turn it off and use a standard consent banner instead.
What is the official TCF purposes list?
IAB Europe publishes the authoritative purpose, special purpose, feature, and special feature list in its Transparency & Consent Framework Policies document. It updates that document as the framework changes.
What is TCF compliance?
TCF compliance means a CMP and its registered vendors follow IAB Europe's current policies. A compliant CMP displays the standard purpose names verbatim, records consent per purpose and per vendor, and encodes each choice in a valid TC String. Under TCF v2.3, that string must carry the Disclosed Vendors segment.

