The Court of Justice of the European Union found IAB Europe's Transparency and Consent Framework strings contain personal data, making them subject to the EU General Data Protection Regulation. The preliminary ruling designated IAB Europe as a joint data controller under the GDPR because "that association appears to exert influence over data processing operations when the consent preferences of users are recorded." IAB Europe welcomed clarity in the case, which returns to the Belgian Market Court.
7 March 2024
CJEU issues clarity on IAB Europe TCF's GDPR compliance
Related stories
A view from DC: US Senate hearing gives a preview of AI on Cruz control
New York State of Mind: A discussion with NYC Chief Privacy Officer Michael Fitzpatrick
Notes from the IAPP Canada: Building momentum during Privacy Awareness Week
Notes from the Asia-Pacific region: OPC releases draft guidance on Privacy Act amendment
A view from Brussels: From coal and steel in 1950, to cybersecurity and AI in 2025
