The Court of Justice of the European Union found IAB Europe's Transparency and Consent Framework strings contain personal data, making them subject to the EU General Data Protection Regulation. The preliminary ruling designated IAB Europe as a joint data controller under the GDPR because "that association appears to exert influence over data processing operations when the consent preferences of users are recorded." IAB Europe welcomed clarity in the case, which returns to the Belgian Market Court.
7 March 2024
CJEU issues clarity on IAB Europe TCF's GDPR compliance
Related stories
Notes from the Asia-Pacific region: Looking back on an exceptional 2025 and the year to come
Notes from the IAPP Europe: Another piece of the EU Digital Package puzzle — the Data Union Strategy
Gaps in website opt-out functionality under the microscope in privacy enforcement
The case for differential privacy in the age of agentic AI
Santa Fe 4.0: la reforma constitucional que redefine derechos, tecnología y ciudadanía digital en Argentina
