In a decision of 2 February 2022, the Belgian Data Protection Authority found the “Transparency and Consent Framework” (TCF) created by IAB Europe to be illegal.
The vast majority of online operators in the EU, including Amazon, Google and Microsoft, rely on TCF as a tool for their GDPR compliance. According to the decision, all personal data processed on the basis of the TCF should be deleted.
This crucial decision was made by the Belgian Data Protection Authority as the so-called lead supervisory authority under Art. 56 GDPR in agreement with 27 other EU data protection authorities from 19 countries, including the Czech Office for Personal Data Protection.
The decision cites the following as the main reasons for the TCF’s illegality: