IAB UK supports IAB Europe’s Transparency & Consent Framework

Following last week’s preliminary report by the Belgian Data Protection Authority, the APD, as part of its investigation into IAB Europe’s role and practices in relation to the Transparency & Consent Framework (TCF), IAB UK is fully supportive of IAB Europe’s response. Contrary to the headlines, the DPA has not “found the TCF to breach the GDPR”, and the report is not a final ruling, nor binding. It has been transferred to an internal adjudication unit that will deliberate over the coming months. The current operations of the TCF remain unchanged. 

The underlying conclusion drawn in the report is that IAB Europe is a “data controller” under the GDPR in its role as Managing Organisation of the TCF. We share IAB Europe’s view on this: “If upheld, the APD’s interpretation would have a chilling effect on the development of open-source compliance standards that serve to support industry players and protect consumers.” For context, the APD considered whether IAB Tech Lab was also a data controller, but came to the conclusion that it was not.

As IAB Europe makes clear, the TCF is a voluntary standard whose purpose is precisely to assist companies from the digital advertising ecosystem in their compliance efforts with EU data protection law. It contains a minimal set of best practices seeking to ensure that when personal data is processed, users are provided with adequate transparency and choice. Its policies do not assist or seek to assist the processing of special categories of data. It does not intend to replace legal obligations nor enable practices prohibited under the law.

We will fully support and align with IAB Europe over the coming months as it engages with the APD.

Read IAB Europe’s full statement here.