IAB Seeks to Address Regulators’ GDPR Concerns with Transparency and Consent Framework 2.0

IAB EuropeEuropean industry group IAB Europe today released an updated version of its Transparency and Consent Framework (TCF 2.0), an industry standard designed to help publishers and tech companies comply with the EU’s General Data Protection Regulation. IAB Europe says the update, developed in partnership with sister organisation IAB Tech Lab, is based on feedback from various data protection authorities (DPAs) around the EU. The group says TCF 2.0 give consumers more control over their data, and publishers more flexibility with how they allow vendors to process data.

The Transparency and Consent Framework, originally released just before GDPR came into force, is designed as a basic framework for companies within the digital advertising ecosystem to meet their obligations under GDPR. But given a lack of clarity around exactly how GDPR would be interpreted by the various DPAs responsible for enforcing it, some felt the first version didn’t go far enough to ensure that companies using it would be compliant with the regulation.

IAB Europe hopes these updates will address these problems. Among the consumer-facing changes are the inclusion of “right to object” functionality into the framework. As well as the right to grant and withdraw consent under GDPR, users also have the right to object, meaning they can object to certain types of data processing and stop a company from continuing the process their personal data. Previously, this right wasn’t covered by the framework – bringing it into the fold should should give businesses more clarity on how this right should be implemented. The framework also expands the original five purposes for data processing, which tell a user why their data is being processed, to twelve, in order to grant more clarity. Finally, the update gives users more control over whether and how vendors use certain features of data processing, for example use of precise geolocation.

On the publisher side, the framework gives publisher an ability to restrict the purposes for which personal data is processed on their sites on a vendor-by-vendor basis – rather than setting one rule which applies to all vendors. It also lets publishers specify the legal basis on which it requires vendors to operate, in cases where vendors give them a variety of options of legal bases for data processing in different context.

IAB Europe believes these changes sufficiently address the concerns of different DPAs around Europe. “Whilst the TCF will continue to evolve to meet the needs of our dynamic industry, I am confident this update addresses all the feedback we have received from many DPAs throughout Europe, as well as the needs of each part of the digital advertising value chain,” said Townsend Feehan, CEO of IAB Europe.

However, some are sceptical over whether these changes will be sufficient to fully satisfy some DPAs, with the UK’s Information Commissioner’s Officer (ICO) having released a report earlier this year outlining issues with how real-time bidding (RTB) currently operates. Ian James, CEO of data tech services company SBDS Group, said that “even though TCF 2.0 addresses some of the concerns outlined by the ICO back in June, it is clear that something must be done to overhaul the real-time bidding industry and management of data.” James added, however, that progress made by the IAB should be supported.

Subscribe to Weekly VAN Newsletter

Ad TechDataEuropeLegalPrivacyProgrammaticPublishing