Interactive Advertising Bureau

Privacy & Data Protection

  1.  General notice

IAB Europe respects the privacy of the visitors (“Users”) on its websites ( and referred to as “Websites”), users of its Chrome extension named “CMP Validator” (also referred to as “Users”), its registered members (“Members”) to which it provides services as further specified in the General Terms of Use (“Services”) and of Transparency & Consent Framework participants both for Europe and Canada (“TCF Participants”). In this Privacy Policy, references to Members or TCF Participants mean both individual Members or TCF Participants and individuals who are employed by individual Members or TCF Participants. 

This Privacy Policy is also addressed to individuals outside IAB Europe involved in the public debate concerning digital advertising, with whom IAB Europe may interact and whose personal data it processes (“Stakeholders”). This Privacy Policy also applies to applicants (“Applicants’). 

At times, this Privacy Policy refers to these categories of individuals jointly as “Data Subjects”. 

IAB Europe processes personal data in accordance with applicable data protection laws, in particular the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).

IAB Europe reserves the right to modify the Privacy Policy from time to time by posting an updated version on the Websites. You should check back to review it regularly. However, if we make any material changes we will notify you by means of a notice on these Websites or if you are a Member, by email, prior to the change becoming effective.

This Privacy Policy describes how IAB Europe processes data and, in particular, how we collect and use the data you provide via our Websites and by other means. It also describes the choices available to you regarding our use of data, including how you can access and update this information.

  1. Data controller

IAB Europe A.I.S.B.L. (BE 0812.047.277), having its registered offices at 1040 Brussels (Belgium), Rond-Point Schuman, 11 is the entity that acts as the only data controller for the purposes of this Privacy Policy (“IAB Europe”). All questions or requests regarding the processing of these data may be addressed to:

  1. Data collected

3.1 Collection of data

IAB Europe collects or obtains data from Data Subjects from the following sources:

  • IAB Europe obtains data when those data are provided by Data Subjects (e.g., where Applicants provide their CV or Data Subjects contact IAB Europe via email or telephone, or by any other means);
  • IAB Europe collects or obtains data in the ordinary course of its relationship with Data Subjects (e.g., when IAB Europe provides a service to Members, Users and TCF Participants);
  • IAB Europe collects or obtains data that Data Subjects manifestly choose to make public, including via social media or other public forums (e.g., IAB Europe may use information associated with a Stakeholder’s social media profile(s), about events they participated to, and any communications that they make publicly available);
  • IAB Europe collects or obtains data when Data Subjects visit the Websites or use any features or resources available on or through the Websites and the Chrome extension “CMP Validator”;
  • IAB Europe collects or obtains data when Data Subjects use, or register to use, the Websites or any Services (e.g., through the registration form completed by the Member or TCF Participant, or through the Non-Compliance Submission Form completed by Data Subjects against the TCF participants, if the Data Subject chooses to provide optional information such as their email address);
  • IAB Europe may also create data about Data Subjects in certain circumstances, such as records of Data Subjects’ interactions with it.

3.2 Data processed by IAB Europe

IAB Europe processes, for the purposes listed in Section 4, the following types of data:

  • Identification data, such as user name, last and first name, job title, email address and professional contact details, e.g. where a Data Subject chooses to register to the Services or decides to interact with IAB Europe;
  • Employer details, e.g. where a Data Subject interacts with IAB Europe in their capacity as an employee of a third party, the name, address, telephone number and email address of the employer, to the extent relevant;
  • Views and opinions, e.g. any views and opinions that a Data Subject chooses to send to IAB Europe, or publicly post about IAB Europe on social media platforms or other public forums;
  • Information about your browsing on the Websites if you consented to the use of analytics cookies, e.g. the IP address of your Internet connection, technical characteristics about the device you are using such as the operating system and your interaction with the website such as the content you have seen or clicked on;
  • Information provided by Applicants, such as included in their CV; and
  • Any other information voluntarily transmitted to IAB Europe by the Data Subject for a specific purpose.

3.2.1 « Cookies »

When you visit the Websites we will place Cookies on your device, or read Cookies already placed on your device, subject to obtaining your consent where required. 

For the website, please refer to our Cookie Policy for a description on the use of cookies and the choices available to you.

For the website, IAB Europe uses a single session cookie named __RequestVerificationToken to ensure the website functions properly.

3.2.2 Data received automatically by our servers

When the User, the Member or TCF Participant accesses the Websites, the relevant servers automatically receive information about their device (such as the IP address of their Internet connection or the type of browser or operating system used. Such information is not logged nor processed for other purposes.

When users install and access the Chrome extension named “CMP Validator”, information about their device (such as the IP address of their Internet connection) is sent automatically to IAB Europe's servers when loading resources that are necessary for the CMP Validator to operate properly. Such information is not logged nor processed for other purposes.

3.2.3 Special categories of personal data

IAB Europe does not seek to collect or otherwise process special categories of personal data understood in accordance with GDPR art. 9 in the ordinary course of its business. Where it becomes necessary to process special categories of personal data of Data Subjects for any reason, IAB Europe will only do so in compliance with the law.

  1. Purposes of the data processing and legal bases for the processing

4.1 General purposes

The purposes for which IAB Europe may process the personal data of Data Subjects, subject to applicable laws, include:

  • Provision of the Websites and Services: providing the Websites to Users, Members and TCF Participants; providing Users, Members and TCF Participants with promotional items at their request; managing and evaluating the participation of the TCF Participants in the framework; and communicating with Users, Members and TCF Participants in relation to those services;
  • Improving the Websites and services: identifying issues with the Websites or services; planning improvements to the Websites or services; and creating new websites, or services;
  • Marketing communications: communicating with Data Subjects via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which they may be interested, subject to ensuring that such communications are provided to Data Subjects in compliance with applicable laws;
  • Organising online or in-person events: management of registrations to webinars or in-person events, interacting with speakers and panellists, collecting questions from participants.
  • Contribute to and participate in the public policy debate around digital advertising: including, responding to and otherwise interacting with relevant Stakeholders; gauging their interest in events; and request meetings for discussion;
  • Communications and IT operations: management of IAB Europe’s communications systems; operation of IT security; and IT security audits;
  • Legal compliance: compliance with IAB Europe’s legal and regulatory obligations under applicable laws;
  • Recruitment and job applications: recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.

4.2 Legal bases for processing

In processing your personal data in connection with the purposes set out in this Privacy Policy, we may rely on one or more of the following legal bases, depending on the circumstances set out herein:

  • The processing is necessary for the performance of a contract to which the User, Member or TCF Participant is a party;
  • The processing is necessary for IAB Europe’s legitimate interests, as set out herein (e.g., processing personal data about the TCF Participants for administration purposes and processing data of Applicants);
  • The processing is based on your consent (e.g. if you subscribed to receive a newsletter from IAB Europe);
  • IAB Europe is required to comply with a legal or statutory obligation in the European Union.


  1. Security and transfer to third parties

IAB Europe uses physical, technical and administrative measures to protect the Users’ information against loss, theft and unauthorised use, disclosure or modification.

We may provide your data to companies that provide services to help us with our business activities (‘data processors’), e.g. companies that support our ICT Infrastructure. These companies are authorised to use your personal data only as necessary to provide these services to us.

IAB Europe transmits the data of Data Subjects to third-party services to the extent to which these data are required for the performance of the relevant Services. Any such partner will not communicate these personal data to third parties, except in the following situations: (i) if and to the extent that this communication is necessary for the contract’s performance, and (ii) if the partner is obliged to communicate certain information or documents to a public authority, as required by law, such as to comply with a subpoena, or similar legal process and (iii) if IAB Europe is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/ or prominent notice on our Websites of any change in ownership or uses of your personal data, as well as choices you may have regarding your personal data. The communication of information to the persons set out in point (ii) shall, in any case, be limited to that which is strictly necessary or required by applicable laws.

If IAB Europe engages a third-party processor to process data of Data Subjects, the processor will be subject to binding contractual obligations to: (i) only process the data in accordance with IAB Europe’s prior written instructions; and (ii) use measures to protect the confidentiality and security of the data; together with any additional requirements under applicable laws.

  1. International transfer of personal data

Some of our data processors are located outside the EU (‘third countries”). Certain third countries have been officially recognised by the European Commission as providing an adequate level of protection. You can find the list of these countries here. Transfers to our data processors located in other third countries take place using an acceptable data transfer mechanism, such as the EU-U.S. Data Privacy Framework that allows the transfer of data from the EU to US companies certified under this framework, the EU Standard Contractual Clauses or Binding Corporate Rules.

  1. Storage periods

IAB Europe will only retain the Users’ and Members’ data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

The determination of the appropriate retention period for the Users’ data is based on the purposes for which we process it, whether we can achieve these purposes through other means, the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and the applicable legal requirements.

For some of the purposes mentioned in section 4.1. or for purposes of which you may be informed separately, IAB Europe may anonymise the User’s personal data so that it can no longer be associated with the User, in which case it is no longer considered personal data. For example, IAB Europe anonymises personal data in order to create statistics about the usage of its Websites which IAB Europe may use to improve its Websites. 

Upon expiration of the applicable retention period IAB Europe will securely destroy the personal data in accordance with applicable laws and regulations.

  1. Data subjects’ rights

Data Subjects may request access, ask for rectification and for deletion of their personal data, except those which IAB Europe are legally obliged to retain, from IAB Europe’s databases by addressing an email to, or alternatively a written request at the following address: IAB Europe, 1040 Brussels (Belgium), Rond-Point Schuman, 11. Data Subjects may request to have their personal data transferred to another controller, in a structured, commonly used and machine-readable format.

Any Data Subject may request restriction of processing of their personal data.

Where IAB Europe processes a Data Subject’s personal data on the basis of consent, the Data Subject has the right to withdraw that consent. IAB Europe will then take all necessary steps to satisfy such a request with expediency.

Any Data Subject has the right to lodge complaints regarding the processing of their personal data with a data protection authority (which can be any of the data protection authority of the EU Member State in which they live, or in which they work, or in which the alleged infringement occurred).

Subject to applicable laws, each Data Subject may also have the following additional rights regarding the processing of their personal data:

  • the right to object, on grounds relating to their particular situation, to the processing of their personal data by IAB Europe or on its behalf; and
  • the right to object to the processing of their personal data by IAB Europe or on its behalf for direct marketing purposes. Data Subjects can unsubscribe from IAB Europe marketing communications using the link provided at the bottom of IAB Europe’s newsletters or send a request by email to

  • Persons under the age of 16

Persons under 16 years old and persons who do not have full legal capacity are not allowed to use the Websites, and must not provide their personal data to us. IAB Europe does not knowingly collect or store personal data from children under the age of 16, unless permitted by law. If IAB Europe learns that it has collected personal data from a child under age 16, it will delete that information from its database.

  • Additional Information

10.1 Testimonials

We display personal testimonials of satisfied members on our Websites in addition to other endorsements. With your consent we may post your testimonial along with your name, but we will always check that you are happy for us to do so first. If you wish to update or delete your testimonial, you can contact us at

10.2 Links to 3rd Party Sites

Our Websites include links to other websites whose privacy practices may differ from those of IAB Europe. If you submit personal data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

  • Contact Us

You may contact us for any reason in connection with this Privacy Policy at:

IAB Europe
Rond-Point Robert Schuman 11
1040 Brussels

Last Updated: 16 October  2023 

IAB Europe
Rond-Point Robert
Schuman 11
1040 Brussels
Sign up for our newsletter
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram