Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
International: Belgian DPA's investigation finds IAB TCF in breach of GDPR
The Irish Council for Civil Liberties ('ICCL') published, on 16 October 2020, statements on the investigation conducted by the Belgian Data Protection Authority ('Belgian DPA'), in response to 22 complaints, which revealed that the Interactive Advertising Bureau Europe's ('IAB') Transparency and Consent Framework ('IAB TCF') infringes the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the ICCL noted the Belgian DPA's conclusion that the IAB TCF allows companies to swap sensitive information about people even when this has not been authorised, and provides inadequate controls for the processing of intimate personal data that occurs in the real time bidding ('RTB') system, which is used by Google and other companies. In addition, the ICCL highlighted findings which may affect organisations outside of Europe, including the fact that the IAB began to market a system in the US that is based on the IAB TCF, and presented it as a compliance system for the California Consumer Privacy Act of 2018 (last amended in 2019) ('CCPA'), and the recent launch of the IAB Privacy Lab together with the IAB TechLab, aiming to produce variants of the IAB TCF for regional laws.
You can read the statements here and here.