IAB, GDPR, CNIL... What are these data protection regulations?

📕 What is the IAB?

The IAB is an organization on an european level, that gathers players in Digital Marketing and advertising. 

The IAB created the Transparency and Consent Framework (TCF) framework with a consent solution in compliance with the GDPR and the ePrivacy guidelines that set standards to collect consent, especially for ad tech providers. The TCF creates an environment where website publishers can tell users what data are collected and how their websites and companies wish to use them.

It offers, therefore, a legal security to all legal players, sustains business models and reduces compliancy costs. 

📕 What is the GDPR?

It is one of the key texts on data protection that applies to european & international players overall, with these two conditions:

  • when entities offer products and services to people IN the European Union, even if the headquarter is outside the EU.
  • when organisations from a European country, process personal data from people inside or outside the UE. 

Who does the GDPR applies to?

The GDPR guidelines apply to any public or private bodies, whatever their size and line of business. 

  • Companies (VSEs, SMEs, big companies...)
  • Administrations
  • Collectivities
  • Associations


📕 What is the CNIL (Commission Nationale de l'Information et des Libertés)?

The CNIL is the French Data Protection Authority (DPA) that makes sure computing does not harm the human identity, their privacy and rights. The French (DPA) supports notably professionals in their compliancy process  and helps private individuals know and exercise their rights.

The CNIL controls, sanctions, protects and supports organisations and individuals.