The IAB Tech Lab is seeking comment on a new data deletion framework

The IAB Tech Lab is asking everyone to get on the same page when it comes to deleting consumer data.

Last week, the trade group, which creates technical standards for the advertising industry, announced that it was seeking public comment on a framework that could be used to process consumer requests to delete their data. The work on a framework is borne out of lots of potential use cases, with the IAB noting consumers’ “Right to Delete” in some state-level privacy legislation and the General Data Protection Regulation (GDPR).

“There’s not really an elegant framework to honor data deletion throughout the whole ad supply chain,” Anthony Katsur, the CEO of the IAB Tech Lab, told Marketing Brew. And the scope is admittedly pretty big—beyond just data brokers, data can also be shared through bid requests or through pixels embedded in ad creative.

The IAB is seeking input from industry stakeholders like SSPs, DSPs, exchanges and publishers, Katsur said.

The IAB Tech Lab’s public comment period will remain open until December 2.

The proposed framework is available to read on GitHub, for the nerds.

Delete my number: The work on a framework comes amid an uptick in privacy legislation worldwide that has complicated the world of data collection and tracking and provided consumers with data deletion rights. The GDPR, which went into effect in 2018, gives citizens the “right to be forgotten,” and US states that have passed privacy legislation—including Oregon, Texas, Montana, and Tennessee—have included similar provisions. And despite recent failed attempts to pass a federal privacy law, President Biden recently called on Congress to pass a data privacy bill in his executive order about artificial intelligence.

If implemented as intended, the Tech Lab’s data deletion framework could be applied globally from Connecticut to Croatia.

“If the framework is properly deployed, and the protocol is honored, it wouldn’t matter what jurisdiction you’re in,” Katsur said. “If someone issues a delete request, it should propagate that through the ecosystem.”

The framework may see further modifications and updates as new privacy legislation goes into effect, Katsur told us. As it stands, for example, the framework doesn’t yet cover California’s recently passed Delete Act, which, when it goes into effect in 2026, will require that data brokers delete “all personal information” related to a consumer every 45 days if they ask.