Online pop-up consents to personal data processing are illegal in the EU
4. 二月 2022
In a decision of 2 February 2022, the Belgian Data Protection Authority found the “Transparency and Consent Framework” (TCF) created by IAB Europe to be illegal.
The vast majority of online operators in the EU, including Amazon, Google and Microsoft, rely on TCF as a tool for their GDPR compliance. According to the decision, all personal data processed on the basis of the TCF should be deleted.
This crucial decision was made by the Belgian Data Protection Authority as the so-called lead supervisory authority under Art. 56 GDPR in agreement with 27 other EU data protection authorities from 19 countries, including the Czech Office for Personal Data Protection.
The decision cites the following as the main reasons for the TCF's illegality:
1) Lack of a legal reason for processing – the legitimate interest is not permissible and the consent does not meet the requirements under the GDPR;
2) Breach of the transparency obligation, in particular in the sense that data subjects are not provided with adequate information on what will happen to their personal data;
3) Insufficient technical and organizational measures to ensure the security of processing and the integrity of personal data, violation of the principles of “data protection by design & by default”;
4) Lack of records of processing activities in relation to the processing in question;
5) Failure to conduct a data protection impact assessment (DPIA);
6) Failure to appoint a Data Protection Officer (DPO).
The Data Protection Authority ordered a number of remedial measures, in particular all related personal data have to be deleted and all recipients of personal data must be informed of these measures.
The evident non-compliance of the TCF with the GDPR has been the subject of expert discussions for several years. In this sense, the ruling is not surprising. It is possible that IAB Europe will challenge the decision in court. It is also likely that there will be an effort to modify the TCF.
This decision shall strengthen the long-term effort to find and enforce new rules of the online environment so that it corresponds to people's needs and respects their fundamental right to privacy. Full decision is available here.
To help you using our website by offering customized content or advertising and to analyze website data, we use the cookies which we share with our social media, advertising, and analytics partners. You can edit the settings within the link Cookies Settings and whenever you change it in the footer of the site. Do you agree with the use of cookies?
Cookies are small text files which are used to simplify and improve operation of our website and enhance user experience. Without your consent, we are only allowed to store in your device cookies strictly necessary for use of our website. Use of any other type of cookies requires your permission. Our website uses different types of cookies. Some cookies are also used by our partners – providers of services at our website. By clicking on “Accept all” button you grant us your consent to store cookies in your device as stated below and process data gathered through such cookies as set out in our Cookie Notice . By clicking on “Reject all” button you reject storing cookies on your device with the exception of strictly necessary cookies. In the "Settings" you can customize, i.e. give or refuse consent also in relation to individual types of cookies.
They enable the basic functionality of the website that cannot function without them.
Cookie name
Type and function
Source
Storage period
SERVERID
Strictly necessary cookie – Ensures that the user uses the same server during a particular visit/session. The cookie sets the infrastructure provider and represents a functional element.
Solidpixels
Session
CMS-(ID)-FE
Strictly necessary cookie - Stores a unique identifier for a given session on the website
Solidpixels
Session
CMS-(ID)-FE-language
Strictly necessary cookie - Stores a unique identifier for the selected language of the website
Solidpixels
1 day
CMS-(ID)-FE-cookies_allow_ac
Strictly necessary cookie - The cookie stores a visitor's consent settings for the collection of analytical data about his/her movement on the website.
Solidpixels
5 years
CMS-(ID)-FE-cookies_allow_mc
Strictly necessary cookie - The cookie stores a visitor's consent settings for the data collection for marketing purposes.
Solidpixels
5 years
CMS-(ID)-FE-cookies_notification
Strictly necessary cookie - Stores information whether the cookie bar has been confirmed in the past.
Solidpixels
5 years
They track website traffic and by collecting anonymous statistics allow the operator to better understand its users and thus constantly improve the website.
Cookie name
Type and function
Source
Storage period
_ga
Analytical cookie – The cookie is used to distinguish unique/individual users by assigning a randomly generated number as an identifier. It is included in every page request on your website and is used to calculate visitor data, campaign sessions for page analytics reporting.
Google
2 years
_gat
Analytical cookie – A _gat cookie is used to limit analytics requests in order to restrict the requests sent from your browser to Google services. Cookies have several limitations that can cause excessive reporting of the number of users.
Google
1 day
_gid
Analytical cookie – Registers a unique identifier that is used to generate statistical data about how a visitor uses the website.
Google
1 day
_hjlncludedInSample
Analytical cookie – Used for web analysis by HotJar, identifies the visitor during the session
HotJar
Session
_hjid
Analytical cookie – stores a unique identifier of the website visitor
Hot Jar
1 year
_dc_gtm_UA-*
Analytical cookie – Applies when Google Analytics are embedded via Google Tag Manager. It has the same function as _gat.
