Fact Check: Your personal data will be processed and information from your device (cookies, unique identifiers, and other device data) may be stored by, accessed by and shared with 90 TCF vendor(s) and 19 ad partner(s), or used specifically by this site or app.

Fact Check: "Your personal data will be processed and information from your device (cookies, unique identifiers, and other device data) may be stored by, accessed by and shared with 90 TCF vendor(s) and 19 ad partner(s), or used specifically by this site or app."

What We Know

The claim regarding the processing of personal data and the sharing of device information aligns with the stipulations set forth by the General Data Protection Regulation (GDPR). Under GDPR, personal data includes identifiers such as cookies, device IDs, and location data, which must be handled with user consent (source-2). The Interactive Advertising Bureau (IAB) has established the Transparency and Consent Framework (TCF) to help organizations comply with these regulations by standardizing how consent is obtained and communicated across the advertising ecosystem (source-2, source-3).

The TCF allows publishers to select from a list of vendors (which can number in the dozens) to whom they can share user data. This means that a user’s data may indeed be shared with multiple vendors, depending on the consent provided by the user (source-2). The claim mentions "90 TCF vendor(s) and 19 ad partner(s)," which is plausible given the extensive list of vendors that can participate in the TCF (source-3).

Analysis

The claim is largely accurate in its assertion that personal data can be processed and shared with numerous vendors. The GDPR mandates that companies must obtain explicit consent from users before processing their data, which includes sharing with third parties (source-1). The IAB's TCF framework is designed to facilitate this process, allowing users to control which vendors can access their data, although the effectiveness of this framework has been questioned due to concerns about data leakage and the complexity of user choices (source-2).

However, the claim's specificity regarding the number of vendors (90 TCF vendors and 19 ad partners) lacks direct verification from the provided sources. While the TCF does include a large number of vendors, the exact figures can vary widely based on the specific implementation by different publishers and the context of the claim (source-3). Additionally, the potential for data leakage and the challenges in ensuring compliance with GDPR raise concerns about the actual practices of data sharing, which may not always align with user expectations or consent (source-2).

Conclusion

The claim is Partially True. It accurately reflects the GDPR's requirements for processing personal data and the role of the IAB's TCF in facilitating consent for data sharing with multiple vendors. However, the specific numbers mentioned (90 TCF vendors and 19 ad partners) are not substantiated by the sources provided, making it difficult to confirm their accuracy. The complexities and potential pitfalls of the TCF framework also suggest that while the claim holds merit, it does not fully capture the nuances of data processing practices in the digital advertising landscape.

Sources

1. Compliance of this site with GDPR is NOT acceptable
2. How Does the IAB's GDPR Transparency and Consent ...
3. IAB Transparency and Consent Framework (TCF v2.2) - Cookiebot
4. Google's Additional Consent technical specification
5. Consent string and vendor list formats v1.1 Final.md
6. IAB TCF 2.2: Detailed Overview and FAQ
7. Google consent management requirements for serving ads
8. IAB Europe Transparency & Consent Framework Policies