A European data regulator might rule that the pop-ups asking for user consent to track data using cookies are illegal because they are not in line with Europe’s GDPR.
Privacy activists in Europe, including the Irish Council for Civil Liberties (ICCL) launched a complaint with the Belgian Data Authority (APD) claiming that IAB Europe breached Europe’s GDPR through its Transparency & Consent Framework (TCF). According to ICCL, APD has found that to be true.
The TCF provides guidelines on the best practices for collecting and processing data for targeted advertising.
According to the ICCL: “The online advertising industry and its trade body, “IAB Europe”, have been found to have deprived hundreds of millions of Europeans of their fundamental rights.”
It added: “These [consent] popups purport to give people control over how their data are used by the online advertising industry. But in fact, it does not matter what people click.
“For almost four years, websites and apps have plagued Europeans with this ‘consent’ spam. But our evidence reveals that IAB Europe knew that conventional tracking-based advertising was ‘incompatible with consent under GDPR’ before it launched the consent system.”
IAB Europe said no ruling or decision has been made.
“There is no ruling nor decision by any DPA [Data Protection Authority] at this point,” IAB Europe legal director Filip Sedefov told Mediatel News.
APD released a statement saying that it was close to finalizing a ruling.
“The draft ruling is expected to be shared with other Data Protection Authorities (DPAs) in the coming two-three weeks under the
Cooperation Procedure laid down in the GDPR. Those DPAs will have 30 days to review it. Depending on the outcome of that review, the APD may adopt a final ruling or the matter may be referred to the European Data Protection Board for a binding decision,” the statement added.