Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
EU: IAB Europe launches new TCF Vendor Compliance Programme
The Interactive Advertising Bureau ('IAB') Europe announced, on 26 August 2021, that it had launched a new Transparency & Consent Framework ('TCF') Vendor Compliance Programme. In particular, the IAB outlined that it will audit live installations of vendor technologies as integrated on publisher properties and focus on assessing compliance with obligations under TCF policies which require vendors to:
- not store information or access information on a user's device without consent, unless the law exempts such storage of information or accessing of information on a user's device from an obligation to obtain consent;
- indicate on the Global Vendor List ('GVL') the maximum duration of information stored on a user's device, including whether such duration may be refreshed.;
- not create signals where no Consent Management Platform ('CMP') has communicated a signal, and shall only transmit signals communicated by a CMP or received from a vendor who forwarded a signal originating from a CMP without extension, modification, or supplementation, except as expressly allowed for in the policies and/or specifications;
- not transmit personal data to another vendor unless the TCF's signals show that the receiving vendor has a legal basis for the processing of the personal data; and
- quickly cease processing the personal data and must not further transmit the personal data to any other party, if a vendor receives a user's personal data without having a legal basis for the processing of that data, even if that party has a legal basis for processing the personal data in question.
In addition, the IAB highlighted that the enforcement process begins from 1 September 2021, when IAB will begin monitoring regularly top websites in key markets. Furthermore, the IAB outlined that where a vendor is found to be in breach of the TCF, it will notify vendors and give them 28 calendar days to remedy the identified issues, and in cases of ongoing non-compliance it will suspend the vendor from the TCF and remove the vendor from the GVL until all compliance failures have been remedied.
You can read the press release here.