OneTrust on TCF Ruling – What you need to know

beeler.brief onetrust Feb 25, 2022
A special thank you to Alex Cash from OneTrust for his take on what you need to know about the TCF ruling.
If you're are a publisher, please join and further discuss this topic on our slack workspace by applying to be part of our publisher community here.
If you have your own idea for a Beeler.Brief, please contact us and we'll be in touch.
At the moment, one of the most frequent questions that we get asked at the moment is, can we get some assistance in digesting what has come out from the regulators in Belgium? And it’s understandable. It’s a very meaty ruling. There’s about 120 pages, I think, of details to dig through and, a lot of legalese to digest. So there’s a couple of key takeaways that I think are priorities for publishers to bear in mind in the context of also what’s going to be happening over the next few weeks and months.
The first thing is that the ruling is specifically about IAB Europe and the TCF. It is not a ruling on all CMPs, ad tech vendors, and publishers. There are implications for them, but it is not specifically about named publishers. One of the implications of the ruling is specifically around the usage of the Global Consent Mode under TCF, which was actually deprecated in July 2021. But it was effectively a mechanism for sharing consent across publishers, and it was decided among the participating organizations to deprecate that.

And the ruling specifically instructed IAB Europe to delete that data. Any data that they had stored related to global consent. Now it did not specifically rule that CMPs, ad tech vendors, or publishers needed to also delete that data, but that could be a step that you would take as a publisher. And I don’t think there would be any negative consequences for you as an organization, considering it’s deprecated to do that and to mitigate risk in that way.
The other takeaway that I think is of key importance to publishers today is that the ruling, as it stands, does define publishers, CMPs, and ad tech vendors as joint controllers in the usage of TCF. And wWhat that means in practice is that it changes your relationship to those other organizations that you’re working with from both a risk and a contractual perspective. So it could be very pragmatic at this time to review the data processing agreements that you have and the relationships with those third parties, and perhaps even reviewing from a risk perspective, the nature of those relationships and the controls that surround them as well.

Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.

We hate SPAM. We will never sell your information, for any reason.