Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

International: Belgian DPA's investigation finds IAB TCF in breach of GDPR

The Irish Council for Civil Liberties ('ICCL') published, on 16 October 2020, statements on the investigation conducted by the Belgian Data Protection Authority ('Belgian DPA'), in response to 22 complaints, which revealed that the Interactive Advertising Bureau Europe's ('IAB') Transparency and Consent Framework ('IAB TCF') infringes the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the ICCL noted the Belgian DPA's conclusion that the IAB TCF allows companies to swap sensitive information about people even when this has not been authorised, and provides inadequate controls for the processing of intimate personal data that occurs in the real time bidding ('RTB') system, which is used by Google and other companies. In addition, the ICCL highlighted findings which may affect organisations outside of Europe, including the fact that the IAB began to market a system in the US that is based on the IAB TCF, and presented it as a compliance system for the California Consumer Privacy Act of 2018 (last amended in 2019) ('CCPA'), and the recent launch of the IAB Privacy Lab together with the IAB TechLab, aiming to produce variants of the IAB TCF for regional laws.

You can read the statements here and here.