Johnny Ryan, Pierre Dewitte, Jeff Ausloos, La Ligue des Droits de l'Homme, Bits of Freedom & Katarzyna Szymielewicz v. IAB Europe

€250,000 in fines


The Belgian DPA fined the IAB Europe as information provided to the data subjects was too generic and incomplete regarding processing of data or their right to object to it. 

Our analysis

The Belgian DPA has found that the Interactive Advertising Bureau Europe (IAB Europe) did not meet its transparency obligations under the GDPR (Articles 12, 13, and 14 of the GDPR). The DPA found that the IAB Europe's Transparency and Consent Framework (TCF) provided to users was too generic and did not enable them to give specific and informed consent, which is required for consent to be considered valid. Additionally, the large number of adtech vendors that could potentially receive users' personal data further complicated the matter, making it difficult for users to be fully informed and for the IAB Europe to comply with its transparency and information obligations under the GDPR. To address these issues, the DPA has required TCF-registered Consent Management Platforms (CMPs) to take a harmonised and GDPR-compliant approach to providing information to users through their interface. This includes ensuring that any information provided about data processing is precise, concise, and understandable to prevent users from being surprised by subsequent processing of their personal data by parties other than publishers or IAB Europe.


The Interactive Advertising Bureau Europe has been fined €250,000 by the Belgian DPA for several GDPR violations, including not complying with transparency and information obligations and failing to implement appropriate measures to ensure personal data security. Additionally, the company did not keep records of processing activities, conduct a DPIA, or designate a DPO. The DPA has set a deadline of 6 months after the validation of an action plan for the company to implement the necessary measures.


Johnny Ryan, Pierre Dewitte, Jeff Ausloos, La Ligue des Droits de l'Homme, Bits of Freedom & Katarzyna Szymielewicz (complainants) and IAB Europe

Case number


Related deceptive patterns

Related laws

Legal enforcement database by Leiser, Santos and Doshi

The information about laws and cases on this website is brought to you by the Leiser, Santos and Doshi enforcement database.

About us