Regulators find Europe’s ad-tech industry acted unlawfully, violates GDPR

After a years-long process, data protection officials across the European Union have ruled that Europe’s ad tech industry has been operating unlawfully. The decision, handed down by Belgium’s APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent: IAB Europe.

At the heart of this story is the use of the Transparency and Consent Framework (TCF), a standardized process to enable publishers to sell ad-space on their websites. This framework, set by IAB Europe, is meant to provide legal cover — in the form of those consent pop-ups which blight websites — enabling a silent, digital auction system known-as Real-Time Bidding (RTB). But both the nature of the consent given when you click a pop-up, and the data collected as part of the RTB process have now been deemed to violate the GDPR, which governs privacy rights in the bloc.

Back in December, I wrote a deep (deep) dive on this situation*, and the potential privacy violations that the RTB process caused


The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. T


Regulators have also handed down an initial fine of €250,000 to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appoint a dedicated Data Protection Officer.



Source: Regulators find Europe’s ad-tech industry acted unlawfully | Engadget

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft