The noyb.eu press release and complaints erroneously suggest that IAB Europe’s Transparency & Consent Framework (TCF) is designed to enable “fake consent” signals to be sent throughout the digital advertising ecosystem. On the contrary, the TCF policies and technical specifications were created precisely to ensure that the types of behaviour detected by the INRIA research project, do not occur.
TCF policies explicitly require that signals generated under the framework accurately reflect all user choices and that such signals are collected, logged and transmitted in accordance with what is required under the GDPR. Where publishers implement TCF-compliant consent management platforms (CMPs), the generation of any signals prior to informing the user and the user expressing their choices with regard to the processing of their data is forbidden. Hence, as a tool which strives to help the digital advertising industry comply with data privacy requirements, the TCF should be seen as part of the solution and not part of the problem.
IAB Europe believes that the research conducted by INRIA illustrates the value of a standardised solution such as the TCF in enabling enforcement authorities to hold data controllers accountable. We hope that the CNIL will use this opportunity to encourage market players to embrace this open-source, cross-industry standard going forward, and invite Mr. Schrems as well as the INRIA research team, to engage in a dialogue with us about how the TCF can be used to deliver on the requirements of the GDPR.
Townsend Feehan, CEO, IAB Europe