fbpx
Home » An unending data breach immune to audit? Can the TCF and RTB be reconciled with the GDPR?

An unending data breach immune to audit? Can the TCF and RTB be reconciled with the GDPR?

0 comments 625 views

Johnny Ryan

Irish Council for Civil Liberties; Open Markets Institute

Cristiana Santos

Utrecht University; Université de Nice Sophia Antipolis – INRIA – Institut National de Recherche en Informatique et Automatique

Date Written: March 23, 2022

Abstract

The majority of Internet advertising is served using a system called Real-Time Bidding (RTB). RTB exposes the personal data of Internet users to large numbers of companies without any means of control over what happens to that data. This is a security problem and is irreconcilable with the European legal requirement that processing of personal data must be secure, accountable, and transparent. For several years the RTB industry used the “Transparency & Consent Framework” (TCF) to provide legal cover. However, in February 2022 European authorities made a landmark decision declaring the use of the TCF for RTB illegal. The TCF’s creator, IAB Europe, was ordered to bring the TCF into compliance with the GDPR by demonstrating that it can account for what happens to TCF data, including in RTB. IAB Europe claims two new initiatives enable it to do so: the “Vendor Compliance Programme” and the “Global Accountability Platform”. We examine both in this paper. Our conclusion is that the use of the TCF for RTB is impossible to monitor, audit, or secure.

Keywords: IAB Europe TCF, Personal data, Real-Time Bidding, GDPR, Compliance, Security, online advertising and tracking

Download the PDF from SSRN

 

related posts

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept