IAB Europe – Court Ruling (Belgium, 2025)

IAB Europe (“IAB”, short of Interactive Advertising Bureau) is an association of undertakings active in the field of digital advertising such as publishers, ecommerce and marketing companies and intermediaries, including major international players such as Microsoft and Google. IAB is established in Belgium and operates on a European level. IAB developed the “Transparency & Consent Framework” (“TCF”). The purpose of the TCF is to make the processing of personal data for online advertising compliant with data protection requirements. To this end, the TCF provides a set of technical standards and rules (in the form of contractual obligations) for companies in the sector. In particular, the TCF specifies how publishers, advertisers, and intermediaries should use the OpenRTB protocol, a widely used Real Time Bidding (“RTB”) system. RTB consists in the instant and automated online auction of users profiles for the purpose of selling and purchasing advertising space online. When an internet user visits a webpage where advertising space is available, the server sends the user’s data to a platform where advertisers automatically and instantly place bids. Advertisers place their bids based on some characteristics of individual users visiting the page (such as their location, marketing profiles, and browsing history). The bid winner displays their customer's advertising in that specific advertising space. The whole process involves a mass exchange of personal data. For this operation to be possible, users are (in principle) asked to express their advertising preferences when they first visit a publisher’s website. These preferences are collected by websites (more specifically, by each website's Consent Management Platform) and stored in a string called Transparency and Consent string (‘TC string’). The TC string is subsequently shared with advertisers and data brokers, in order to inform them of the user's preferences. At the same time, the CMP writes a cookie called eucon