Following years of investigation, a European national authority has ruled that the region’s AdTech industry has violated privacy regulations.
The decision by the Belgian Data Protection Authority, an arm of the Data Protection Authority (DPA), the public authority that manages data protection laws within the EU, said regulators across the 27-nation bloc agreed the ad sector violated principles of the General Data Protection Regulations (GDPR), which governs privacy rights in the bloc.
Since 2019, complaints have been filed against Interactive Advertising Bureau Europe (IAB), the trade group for the digital marketing and advertising ecosystem whose members include media, technology and marketing companies. Regulators found the group violated provisions of the GDPR in relation to large-scale processing of personal data.
The basis for the ruling stemmed from grievances related to principles of legality, appropriateness, transparency, storage restriction, security and accountability on the use of the Transparency and Consent Framework, which enables publishers to sell ads on their websites.
Crafted by IAB, the framework was designed to provide consent when users click on a pop-up. But customer data collected as part of the process violated the GDPR, regulators said.
IAB said it may file a lawsuit to challenge the decision.
“We believe this finding is wrong in law and will have major unintended negative consequences going well beyond the digital advertising industry,” IAB said in a statement.
Last month, PYMNTS reported GDPR is taking a financial toll on Big Tech as fines have soared nearly sevenfold in the past year.
Read more: Fines for Breaches of EU Privacy Law Reach Nearly $1.2B
Nearly 1.1 billion euros (about $1.2 billion) in fines have been levied for a wide range of infringements of Europe’s tough data protection laws, according to a 20-page report, “DLA Piper GDPR fines and data breach survey: January 2022.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More