Online Ad Association Fined for Privacy Violation
An association for online advertising companies has been fined hundreds of thousands of dollars for developing an ad-targeting tool that violated European Union data laws.
The Belgian Data Protection Authority (BE DPA) said it was necessary to impose “harsh sanctions” on IAB Europe because the association’s Transparency and Consent Framework (TCF) “could, for a large group of citizens, lead to a loss of control over their personal data.”
The TCF tool allows online publishers and websites to obtain users’ consent to process their personal data for targeted advertising. It was designed to facilitate real-time bidding (RTB) – a means by which advertising inventory is bought and sold on a per-impression basis via instantaneous programmatic auction.
In a statement released October 2020, IAB Europe said that the TCF is a voluntary standard whose purpose is to assist companies in the digital advertising ecosystem to comply with EU data protection law.
“It contains a minimal set of best practices seeking to ensure that when personal data is processed, users are provided with adequate transparency and choice,” said IAB Europe.
“Its policies do not assist or seek to assist the processing of special categories of data. It does not intend to replace legal obligations nor enable practices prohibited under the law.”
The Belgian data watchdog imposed a fine of €250k ($282,690) on IAB Europe and ordered the advertising association to implement a “series of remedies” to ensure that it complied with the EU’s General Data Protection Regulation (GDPR).
“Contrary to IAB Europe’s claims, the Litigation Chamber of the BE DPA found that IAB Europe is acting as a data controller with respect to the registration of individual users’ consent signal, objections and preferences by means of a unique transparency and consent (TC) string, which is linked to an identifiable user,” stated the BE DPA.
IAB Europe has been given six months to bring the framework into compliance with European law.
David Stevens, a chairperson of the BE DPA, said: “Brave little Belgium has once again shown that it is not afraid to tackle major cases such as this one, which really concerns all European citizens that shop, work or play online.”
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...