Regulators Find Europe's Ad-Tech Industry Acted Unlawfully (engadget.com) 17
After a years-long process, data protection officials across the European Union have ruled that Europe's ad tech industry has been operating unlawfully. Engadget reports: The decision, handed down by Belgium's APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent: IAB Europe. At the heart of this story is the use of the Transparency and Consent Framework (TCF), a standardized process to enable publishers to sell ad-space on their websites. This framework, set by IAB Europe, is meant to provide legal cover -- in the form of those consent pop-ups which blight websites -- enabling a silent, digital auction system known-as Real-Time Bidding (RTB). But both the nature of the consent given when you click a pop-up, and the data collected as part of the RTB process have now been deemed to violate the GDPR, which governs privacy rights in the bloc.
The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding. Regulators have also handed down an initial fine of 250,000 euros to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appoint a dedicated Data Protection Officer. Until now, IAB Europe has maintained that it did not create any personal data, and said in December that it was a standards setter and trade association, rather than a data processor in its own right. IAB Europe says the ruling did not ban the use of Transparency and Consent Frameworks, adding that it's looking to reform the process and "submit the Framework for approval as a GDPR transnational Code of Conduct."
According to Engadget, [I]t may launch a legal challenge to fight the accusation that it is a data controller, a decision it says will "have major unintended negative consequences going well beyond the digital advertising industry."
The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding. Regulators have also handed down an initial fine of 250,000 euros to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appoint a dedicated Data Protection Officer. Until now, IAB Europe has maintained that it did not create any personal data, and said in December that it was a standards setter and trade association, rather than a data processor in its own right. IAB Europe says the ruling did not ban the use of Transparency and Consent Frameworks, adding that it's looking to reform the process and "submit the Framework for approval as a GDPR transnational Code of Conduct."
According to Engadget, [I]t may launch a legal challenge to fight the accusation that it is a data controller, a decision it says will "have major unintended negative consequences going well beyond the digital advertising industry."
It can't be! (Score:3, Funny)
No, it can't be true! It just can't! We all know that advertisers are the most ethically inclined professionals in the technology business and now you expect me to believe they went and broke the law knowing it was illegal?! I cannot and will not accept it... until it's in an advertisement on Facebook.
Re: (Score:2, Funny)
Came here to find a comment like this. 5/5 would read again
Re: It can't be! (Score:4, Informative)
Re: (Score:2)
Leadership. maybe. But most people just work there, like in many other jobs.
Re: It can't be! (Score:2)
Re: It can't be! (Score:2)
Re: (Score:2)
Bend over comrade!
The decision is fairly readable (Score:3)
I don't see how they are going to succeed in any claim that they are not a data controller, but hey, IANAL.
Re: The decision is fairly readable (Score:3)
Re: (Score:3)
While I welcome this, I still think that their consent banners are not compliant with the rules. Recital 34 states that consent must be freely given and no coerced by default opt-in or by making declining more difficult than accepting. Their banners clearly don't meet those criteria.
Re: (Score:2)
They've been hit with a modest fine (as per the EU legislation which essentially says it needs to be big enough to dissuade ju
Re: The decision is fairly readable (Score:2)
Re: (Score:2)
Enough already (Score:3)
Users would likely access the feature through a monthly subscription, he noted.
Well I guess that's out of the question for me. Enough with the subscriptions already.
IAB is cancer (Score:1)