3 months with TCF 2.0 – Criticism from the Belgian data protection authority and official statement of the IAB Europe
Table of contents
The Transparency and Consent Framework (TCF) version 2.0 of the Interactive Advertising Bureau (IAB Europe) has been officially in force since 15 August.
The TCF 2.0 was intended to finally introduce a technical market standard that defines the retrieval and transmission of a user’s consent signals between publishers and third parties who have joined the framework (such as Google, Criteo, or Taboola).
While some players in the digital advertising industry are celebrating the framework as a long-awaited standard to harmonize a heterogeneous market, critical voices are gradually becoming louder. But what exactly has happened?
Only recently, the Belgian data protection authority (APD-GBA) published the preliminary results of a study on TCF 2.0 with a knock-on effect. The central message was that, in their opinion, TCF 2.0 violates several points of the General Data Protection Regulation (GDPR). The report states:
The accusation that the TCF 2.0 makes the processing of especially sensitive data such as health data, information regarding sexual orientation etc. technically possible for advertisers in Real Time Bidding (RTB), with or without the user’s permission, weighs particularly heavily.
What does the IAB Europe say?
In response to the report, IAB Europe has already published a statement challenging the Belgian data protection authority. IAB Europe points out that these are only preliminary findings without any legal effect.
IAB Europe also noted that although TCF 2.0 is a voluntary standard, it was developed in cooperation with European data protection authorities.
To summarize, there is currently a lot of discussion on which TCF 2.0 CMP implementations are compliant and which aren’t. As the market is currently very dynamic, it remains to be seen what standards will prevail.