Belgian DPA Finalizes Draft Deci...
Belgian DPA Finalizes Draft Decision in ...

Belgian DPA Finalizes Draft Decision in IAB Europe Case

Relevant European supervisory authorities notified and have 4 weeks to provide feedback to the draft decision.

clock3 Min Read

Featured Image

On November 25, 2021, the Belgian Data Protection Authority (DPA)  issued a press release concerning its draft decision in the case against Interactive Advertising Bureau Europe (IAB Europe) relating to their Transparency & Consent Framework (TCF). The DPA noted that its draft decision has now been sent to the concerned supervisory authorities pursuant to Article 60 of the GDPR for their feedback. The concerned supervisory authorities will have four weeks to respond.

Background to the Belgian DPA’s Draft Decision in the IAB Europe Case

In 2019, a series of complaints were filed with the Belgian DPA relating to the IAB TCF and whether it conforms with the GDPR. Subsequently, the Belgian DPA launched an investigation into IAB TCF.

In October 2020, statements on the findings of the Belgian DPA’s investigation were released by the Irish Council for Civil Liberties, which revealed that IAB TCF is in breach of the GDPR. According to the statements, the Belgian DPA concluded that the IAB TCF allowed companies to swap sensitive information about people without authorization. It was also stated that IAB TCF did not provide adequate controls for processing personal data that occurs in its OpenRTB system.

In November 2021, IAB Europe was notified that the Belgian DPA was close to finalizing its draft ruling, concluding the investigation of IAB Europe and its role in the TCF. In a press release, IAB Europe said that it had been informed that the draft ruling will identify infringements of the GDPR by IAB Europe, specifically relating to the use of TCF ‘TC Strings’, the digital signals created on websites to capture data subjects’ choices about the processing of their personal data for digital advertising, content, and measurement.

What’s Next for the IAB TCF Case?

The Belgian DPA has now finalized its draft decision in the IAB Europe case and has notified the relevant supervisory authorities of the decision. The concerned authorities now have four weeks to respond with feedback to the draft decision.

The Belgian DPA has outlined two possible scenarios for the future of the draft decision:

  • No relevant or reasoned objection to the draft decision is made therefore the decision can be finalized by the Belgian DPA; or
  • One or more of the authorities involved expresses a relevant and reasoned objection to the draft decision., Subsequently the Belgian DPA will either:
    • Submit a revised draft to the concerned authorities, taking this objection into account, or
    • The objection will not be considered reasoned or relevant and could therefore initiate the dispute resolution mechanism under Article 65 of the GDPR.

The Belgian DPA highlighted that it is unable able to comment further due to the confidential nature of the cooperation mechanism. Following the conclusion of the cooperation procedure, the final decision will be adopted by the Belgian DPA.

Further reading on the IAB Europe Case:

Follow OneTrust on LinkedInTwitter, or YouTube for updates on the latest regulatory developments.

Tags:

Belgian DPA
IAB Europe
IAB TCF

You Might Also Be Interested In


DEC 14, 2021
Cookie Consent

Cookies & Tech 2021 Round-Up: Italy, California, Global Privacy Control, Third-Party Cookies & More

DEC 16, 2021
Consent and Preferences

Capture, Govern, Activate: How to Build a Powerful Marketing Data Strategy in 2022

NOV 22, 2021
Privacy Management

5 Steps to Automating FOIA Requests

NOV 19, 2021

5 Ways to Automate IT Risk Management

DEC 14, 2021
GRC

The CISOs Role in Driving Trust: Why it Matters, How to Define it, and What Success Looks Like

DEC 09, 2021

Enhancing Privacy Accountability Through More Effective IT Risk Management

NOV 18, 2021
Consent and Preferences

The Digital Privacy Experience

NOV 18, 2021
PIPL

China PIPL: Managing & Responding to Data Breaches Under PIPL

BackToTop
Onetrust All Rights Reserved