Online Ad Association Fined for Privacy Violation
An association for online advertising companies has been fined hundreds of thousands of dollars for developing an ad-targeting tool that violated European Union data laws.
The Belgian Data Protection Authority (BE DPA) said it was necessary to impose “harsh sanctions” on IAB Europe because the association’s Transparency and Consent Framework (TCF) “could, for a large group of citizens, lead to a loss of control over their personal data.”
The TCF tool allows online publishers and websites to obtain users’ consent to process their personal data for targeted advertising. It was designed to facilitate real-time bidding (RTB) – a means by which advertising inventory is bought and sold on a per-impression basis via instantaneous programmatic auction.
In a statement released October 2020, IAB Europe said that the TCF is a voluntary standard whose purpose is to assist companies in the digital advertising ecosystem to comply with EU data protection law.
“It contains a minimal set of best practices seeking to ensure that when personal data is processed, users are provided with adequate transparency and choice,” said IAB Europe.
“Its policies do not assist or seek to assist the processing of special categories of data. It does not intend to replace legal obligations nor enable practices prohibited under the law.”
The Belgian data watchdog imposed a fine of €250k ($282,690) on IAB Europe and ordered the advertising association to implement a “series of remedies” to ensure that it complied with the EU’s General Data Protection Regulation (GDPR).
“Contrary to IAB Europe’s claims, the Litigation Chamber of the BE DPA found that IAB Europe is acting as a data controller with respect to the registration of individual users’ consent signal, objections and preferences by means of a unique transparency and consent (TC) string, which is linked to an identifiable user,” stated the BE DPA.
IAB Europe has been given six months to bring the framework into compliance with European law.
David Stevens, a chairperson of the BE DPA, said: “Brave little Belgium has once again shown that it is not afraid to tackle major cases such as this one, which really concerns all European citizens that shop, work or play online.”
More Stories
CISA Launches Playbook to Boost AI Cybersecurity Collaboration
CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks Read More
Multi-Cloud Adoption Surges Amid Rising Security Concerns
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure...
Chinese PlugX Malware Deleted in Global Law Enforcement Operation
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity...
Illicit Crypto-Inflows Set to Top $51bn in a Year
Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024 Read More
Phishing False Alarm
A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to...
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation Read More