This week, Belgium’s data protection authority, APD, fined IAB Europe 250,000 euros for GDPR-related complaints against its standardized Transparency and Consent Framework (TCF), which is used by publishers and advertisers in the EU. The complaints, originally filed in 2019, related “to the principles of legality, appropriateness, transparency, purpose limitation, storage restriction and security, as well as to accountability.”
In addition to the fine, the ADP ordered IAB Europe to change the current setup where consent is obtained by users in order to facilitate real-time bidding (RTB) on ad space for advertisers.
In acknowledging the ADP decision, IAB Europe held that it contains no prohibition of their TCF standard.
In the statement, IAB Europe added: “We reject the finding that we are a data controller in the context of the TCF. We believe this finding is wrong in law and will have major unintended negative consequences going well beyond the digital advertising industry.”
Yet, they also agreed to working with Belguim’s ADP on an action plan over the next six months that will keep their TCF in place, presumably in some modified form.
Why we care. Privacy and transparency are critical values for the ad industry and for digital citizens. For marketers, communicating with consumers through digital channels requires trust before any other value can be exchanged. So, it’s worth it for all parties to get the regulations right and to comply with them, which is an ongoing process.
The EU is a more mature regulatory space than the U.S. And yet there are indications that regulations don’t have to be seen as a zero-sum that cuts into performance. For email marketing, for instance, we saw recently where, by some metrics, performance actually is higher in a more regulated environment.