GDPR: IAB Europe released the specifications for the Framework
IAB Europe and IAB Technology Laboratory today released the market-ready technical specifications for the Transparency & Consent Framework (“Framework”) following a 30-day public consultation in March and April 2018.
According to IAB, the Framework is “a cross-industry standard that supports online services and their partners in their efforts to provide transparency and choice mechanisms for their users in accordance with the General Data Protection Regulation (GDPR).”
IAB says the Framework is particularly relevant for publishers and other suppliers of online services, who partner with vendors to enable those third parties to process user data on one of the legal bases laid down by the GDPR:
- Publishers can use the registry to view which of their partners have applied to adhere to the Framework’s policies and for which purposes their partners are using personal data to determine which third parties they choose to work with and include as vendors in their individual user interfaces they decide to make available;
- Publishers can then surface information to their users about which vendor may be allowed to lawfully collect and use the personal data of their users in connection with the sale and measurement of ad space;
- Publishers and vendors can communicate with one another about which vendors may be allowed to access or process the personal data of publishers’ users and for which purposes;
- Publishers and vendors can capture, disclose, and maintain an audit trail of a user’s choice about those vendors and their data processing activities.
AppNexus will require several vendors to register on the IAB consent Framework.