Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
EU Advertising The Internet

IAB Europe Says It's Expecting To Be Found In Breach of GDPR (techcrunch.com) 29

A flagship framework used by Google and scores of other advertisers for gathering claimed consent from web users for creepy ad targeting looks set to be found in breach of Europe's General Data Protection Regulation (GDPR). TechCrunch reports: A year ago the IAB Europe's self-styled Transparency and Consent Framework (TCF) was found to fail to comply with GDPR principles of transparency, fairness and accountability, and the lawfulness of processing in a preliminary report by the investigatory division of the Belgian data protection authority. The complaint then moved to the litigation chamber of the DPA -- and a whole year passed without a decision being issued, in keeping with the glacial pace of privacy enforcement against adtech in the region.

But the authority is now in the process of finalizing a draft ruling, according to a press statement put out by the IAB Europe today. And the verdict it's expecting is that the TCF breaches the GDPR. It will also find that the IAB Europe is itself in breach. Oopsy. The online advertising industry body looks to be seeking to get ahead of a nuclear finding of non-compliance, writing that the DPA "will apparently identify infringements of the GDPR by IAB Europe," and trying to further spin the finding as "fixable" within six months (it doesn't say how, however) -- while simultaneously implying the breach finding may not itself be fixed because other EU DPAs still need to weigh in on the decision as part of the GDPR's standard cooperation procedure (which applies to cross-border complaints).

In terms of timing, a final verdict on the investigation is still likely months off -- and may not emerge 'til deep into 2022. Appeals are also almost inevitable. But the tracking industry's problems are starting to look, well, appropriately sticky. In the short term, the IAB says it expects a draft ruling to be shared by Belgium with other EU DPAs in the next two to three weeks -- at which point they get 30 days to review it and potentially file objections. If DPAs don't agree with the lead authority's finding and can't agree among themselves, the European Data Protection Board may need to step in and take a binding decision -- such as happened in another cross-border case against WhatsApp (which led to a $267 million fine, a larger penalty that the lead DPA in that case had originally proposed).

This discussion has been archived. No new comments can be posted.

IAB Europe Says It's Expecting To Be Found In Breach of GDPR

Comments Filter:
  • Twitter is in violation of the GDPR too. I sent them a GDPR request to delete an account belonging to me that was perma-suspended and they just ignored me.
    It's literally impossible to delete your data off Twitter if your account is suspended, since suspension locks you out of deleting your account.
    • I got suspended on Twitter too. Now I can't access my account without providing my phone number. That was a bit over a year ago. I miss that account, I had over 500 influential followers and was only following 100 people. Any "social" platform can FOAD if they want my number. As in your case, I can't even delete the offending tweet. Irony much?
      • in the uk you can have a free sim card delivered to you from most providers - you're expected to top it up with money but you don't have to. you can receive a text on the sim, validate the code on the website, and then bin the sim. wasteful, but it'll get you back into your account without twitter having any useful information. here is an example link https://www.three.co.uk/Suppor... [three.co.uk]

    • by AmiMoJo ( 196126 )

      File a complaint with your regulator. In the UK it's the ICO, and I've had good results with them. Companies usually comply once they get a nastygram from the ICO.

  • I am shocked, shocked I tell you!

    In all seriousness, is this a surprise to anyone? Their business model is predicated upon violating your privacy wherever they can. This sounds less like an accident and more like a calculated cost vs benefit decision
  • you're the product.
  • These creepy ad companies should be called "Stalker Net" so people can better understand what they do.

    It is a Good Thing for Europe to rein them in. More countries should make GDPR-like laws.

  • by Megane ( 129182 )
    So WTF is an IAB?
    • by Megane ( 129182 )
      And now I've noticed that I also don't know WTF a DPA is. Thanks for explaining these for those of us who aren't in Europe.
    • I had to hunt for it - a job that BeauHD should probably have done - and another article deeper found that the framework is "designed by ad industry body, the IAB Europe".

      And I've lost interest. For adverts, I have AdBlock and Noscript. On Twitter, almost every "promoted" tweet scores a BLOCK on the advertiser. Sometimes a MUTE, so I can send an snarky comment about an Advertising Manager who has just blown part of his budget on reducing exposure. Slow Hand Clap.

      No, I don't care if they starve in the stre

Truly simple systems... require infinite testing. -- Norman Augustine

Working...