Online Ad Association Fined for Privacy Violation
An association for online advertising companies has been fined hundreds of thousands of dollars for developing an ad-targeting tool that violated European Union data laws.
The Belgian Data Protection Authority (BE DPA) said it was necessary to impose “harsh sanctions” on IAB Europe because the association’s Transparency and Consent Framework (TCF) “could, for a large group of citizens, lead to a loss of control over their personal data.”
The TCF tool allows online publishers and websites to obtain users’ consent to process their personal data for targeted advertising. It was designed to facilitate real-time bidding (RTB) – a means by which advertising inventory is bought and sold on a per-impression basis via instantaneous programmatic auction.
In a statement released October 2020, IAB Europe said that the TCF is a voluntary standard whose purpose is to assist companies in the digital advertising ecosystem to comply with EU data protection law.
“It contains a minimal set of best practices seeking to ensure that when personal data is processed, users are provided with adequate transparency and choice,” said IAB Europe.
“Its policies do not assist or seek to assist the processing of special categories of data. It does not intend to replace legal obligations nor enable practices prohibited under the law.”
The Belgian data watchdog imposed a fine of €250k ($282,690) on IAB Europe and ordered the advertising association to implement a “series of remedies” to ensure that it complied with the EU’s General Data Protection Regulation (GDPR).
“Contrary to IAB Europe’s claims, the Litigation Chamber of the BE DPA found that IAB Europe is acting as a data controller with respect to the registration of individual users’ consent signal, objections and preferences by means of a unique transparency and consent (TC) string, which is linked to an identifiable user,” stated the BE DPA.
IAB Europe has been given six months to bring the framework into compliance with European law.
David Stevens, a chairperson of the BE DPA, said: “Brave little Belgium has once again shown that it is not afraid to tackle major cases such as this one, which really concerns all European citizens that shop, work or play online.”
More Stories
Live Video of Promachoteuthis Squid
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile. Blog...
YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack,...
Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and...
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally...
PyPI Revival Hijack Puts Thousands of Applications at Risk
Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads Read More
Security Budgets Come Under Pressure as “Hypergrowth” Ends
Despite rising threats researchers find a third of firms see flat or falling security budgets and hiring slows Read More