Read Time:1 Minute, 51 Second

Online Ad Association Fined for Privacy Violation

An association for online advertising companies has been fined hundreds of thousands of dollars for developing an ad-targeting tool that violated European Union data laws.

The Belgian Data Protection Authority (BE DPA) said it was necessary to impose “harsh sanctions” on IAB Europe because the association’s Transparency and Consent Framework (TCF) “could, for a large group of citizens, lead to a loss of control over their personal data.”

The TCF tool allows online publishers and websites to obtain users’ consent to process their personal data for targeted advertising. It was designed to facilitate real-time bidding (RTB) – a means by which advertising inventory is bought and sold on a per-impression basis via instantaneous programmatic auction.

In a statement released October 2020, IAB Europe said that the TCF is a voluntary standard whose purpose is to assist companies in the digital advertising ecosystem to comply with EU data protection law.

“It contains a minimal set of best practices seeking to ensure that when personal data is processed, users are provided with adequate transparency and choice,” said IAB Europe.

“Its policies do not assist or seek to assist the processing of special categories of data. It does not intend to replace legal obligations nor enable practices prohibited under the law.”

The Belgian data watchdog imposed a fine of €250k ($282,690) on IAB Europe and ordered the advertising association to implement a “series of remedies” to ensure that it complied with the EU’s General Data Protection Regulation (GDPR).

“Contrary to IAB Europe’s claims, the Litigation Chamber of the BE DPA found that IAB Europe is acting as a data controller with respect to the registration of individual users’ consent signal, objections and preferences by means of a unique transparency and consent (TC) string, which is linked to an identifiable user,” stated the BE DPA.

IAB Europe has been given six months to bring the framework into compliance with European law.

David Stevens, a chairperson of the BE DPA, said: “Brave little Belgium has once again shown that it is not afraid to tackle major cases such as this one, which really concerns all European citizens that shop, work or play online.”

Friday Squid Blogging: Squid Facts on Your Phone

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

Popular LLMs Found to Produce Vulnerable Code by Default

Hackers access sensitive SIM card data at South Korea’s largest telecoms company

Online Ad Association Fined for Privacy Violation

Online Ad Association Fined for Privacy Violation

Friday Squid Blogging: Squid Facts on Your Phone

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical