-
The entire GDPR approach set up by the IAB EU--including TCF, the standard UX, and the bidstram flow of data alongside the consent signal--is on the verge of being declared illegal: iccl.ie/news/online-consent-pop-ups-used-by-google-and-other-tech-firms-declared-illegal/Permalink On twitter.com
♻️ 15 Retweets
❤️ 47 Favorites
Mood -1 🙁
-
There are two major challenges to the status quo that would break current and future approaches of both the challenge banner and the consent API system:Permalink On twitter.com
♻️ 1 Retweets
Mood +1 🙂
-
1. that the 'here's all the vendors, here's the ability to consent to each of them, here's many options' UX that the TCF process has made a standard interface across websites would make the provider and the IAB itself a data controller...Permalink On twitter.com
❤️ 3 Favorites
Mood +4 🙂
-
This UX would be considered blocking access and would, if the final decision matches what we see here, therefore not be considered legal GDPR compliance.Permalink On twitter.com
❤️ 1 Favorite
Mood 0
-
2. This means (as I understand it) that the IAB and the CMP provider would both be liable for preventing the transmission of user data...Permalink On twitter.com
Mood -1 🙁
-
Right now, the TCF system sends the consent string as a ride-along piece of data with all the user data that normally is involved in an ad call. A common misunderstanding of TCF is that your choices block data transmission. That isn't the case...On twitter.com
❤️ 2 Favorites
Mood -1 🙁
-
Most implementations of TCF are a signal that rides along in the bidstream & says 'pretty please ignore any attached user data'. Middlemen in ad tech are known to practice 'consent fraud' which alters or removes this "daisybit" data & lets them sell the traffic at higher rates...Permalink On twitter.com
❤️ 10 Favorites
Mood 0
-
But if the CMPs and the IAB EU are reinterpreted as data controllers they are--in theory--given the additional responsibility of "the purposes and means of the processing of personal data" which would make them responsible for consent fraud and user data transmission...Permalink On twitter.com
❤️ 8 Favorites
Mood +1 🙂
-
The big change that could occur here is that any system might have to--in order to comply with GDPR--actually control the data transmission at the top... and every other... level. This is a big change b/c it means sites have to change their behavior significantly w/consent statesPermalink On twitter.com
❤️ 5 Favorites
Mood +6 🙂
-
I'm not a lawyer, but I do think that any way it goes the challenge to the existence of TCF and the supporting UX is going to mean a major industry-wide change to how things work in the EEA-corner of the web.Permalink On twitter.com
❤️ 5 Favorites
Mood 0
-
More details and history here: techcrunch.com/2021/11/05/iab-europe-tcf-gdpr-breach-belgium/Permalink On twitter.com
❤️ 2 Favorites
Mood 0