EPIC and ICCL Issue Deletion Demands in Wake of TCF Decision

The Electronic Privacy Information Center (EPIC) and the Irish Council for Civil Liberties (ICCL) have together issued several letters to CEOs of global companies demanding that they delete personal data collected through the IAB Transparency and Consent Framework (TCF) and that they cease any “consent spam” in the U.S. that is based on the TCF. This comes in the wake of the Belgian Data Protection Authority’s decision that the TCF and OpenRTB system violate the GDPR.

The letters, directed to CEOs of Proctor & Gamble, Unilever, AT&T, Bank of America, IBM, Mastercard, General Motors, and Ford, draw attention to the decision and its requirement that all data processed through this system must be deleted. EPIC and ICCL note that companies choosing not to comply with this directive face the possibility of both significant administrative fines and damage claims from affected individuals. The letters also address structures based on the TCF that may be used for “consent spam” within the U.S., urging companies to reconsider their use in light of the recent ruling. The letters request a response within fourteen days.

EPIC has repeatedly challenged the surveillance advertising industry – including in a recent white paper on the matter addressed to the Federal Trade Commission – and will continue to post updates as companies respond.