The Vectaury decision is not an obituary for digital advertising

In its October 30 decision, French supervisory authority, the CNIL, declared that French ad tech startup, Vectaury, violated the EU General Data Protection Regulation by not obtaining valid consent for its collection and use of geolocation data from partner apps and bid requests for targeted advertising purposes. Most notably, the CNIL concluded that Vectaury’s consent management platform, based on IAB Europe’s Transparency & Consent Framework to a certain degree, did not provide sufficiently transparent information about the purposes of data processing.

Since the TCF is used throughout the digital advertising industry to obtain consent, prognosticators are predicting the decision will end the advertising ecosystem and real-time bidding as we know it. However, we argue the CNIL’s key findings show that most of Vectaury’s consent deficiencies either violated, or were not caused by, the TCF and the TCF-specific issues are remediable.