IAB Europe expects to be found in breach of GDPR

The news: The International Advertising Bureau (IAB) Europe is expecting to be found in violation of the EU’s General Data Protection Regulation (GDPR) by the Belgian Data Protection Authority (DPA), the company said in a press release late last week.

How we got here:

  • Soon after the GDPR took effect in 2018, IAB Europe released its Transparency and Consent Framework (TCF), intended to be an industry standard for keeping tabs on users who have opted in or out of ad tracking.
  • It seemed, at first, to be a way to comply with the GDPR without massively damaging advertisers’ existing methods of tracking users and was integrated into countless companies, including giants like Google.
  • But in 2020, the Belgian DPA found that the TCF didn’t comply with the GDPR’s transparency guidelines and processed sensitive data like sexual orientation and political affiliation without explicit consent.
  • That accusation languished until last Friday, when the IAB Europe issued a preemptive statement in preparation for a final ruling, expected to come in the next few weeks.

What this means: Likely because of the TCF’s widespread adoption, the GDPR didn’t have the apocalyptic effect on the European ad ecosystem that was feared.

  • But if the Belgian DPA rules against the IAB Europe as anticipated, European advertisers will need to contend with further restrictions to consumer data—and scramble for alternative tracking solutions.
  • That could be especially damaging in conjunction with Apple’s privacy changes, which have negatively affected multiple companies that rely on mobile tracking and targeting.