IAB Europe is facing a fine. The Data Protection Authority (GBA) decided to impose a €250,000 fine after breaches of privacy rules were found.
The GBA is a Belgian government agency that watches over the proper processing of personal data. Today, the institution decided that some of IAB Europe’s practices violate GDPR rules.
GDPR rules violated
IAB Europe is a trade association serving digital advertising companies across Europe. The organization developed the Transparency and Consent Framework (TCF). With that framework, it should be possible to use modern techniques for personalized advertising while complying with GDPR legislation.
GDPR legislation makes it harder for advertising agencies to simply collect personal data from EU residents. Cookie policies make it harder to send personalized ads within Europe.
After an investigation by the GBA, it appears that the TCF is in violation of the GDPR. IAB Europe will therefore have to pay a fine and will need to know how to bring the framework back in line with the GDPR within two months.
Complex system
According to the GBA, the TCF system is too complicated. As a result, European citizens can hardly know what happens to their data. Furthermore, IAB Europe would arrogate to itself the position of “controller” without having any right to do so. Finally, during processing, IAB Europe flouts some privacy rules.
About, for example, the pop-up banner about the cookie policy on various websites, privacy watchdogs already received a lot of complaints. Alexander Alvaro, EU business adviser and former VP of the European Parliament, cited this himself late last year.
read also