gdpr   2113


Risks in IAB Europe’s proposed consent mechanism • PageFair
Johnny Ryan points to problems with the upcoming collision of the EU's GDPR data protection regime and the desperate attempts by ad-tech companies to stick with their old business model:
The ad-tech companies who drafted the IAB [Internet Advertising Bureau] Europe proposal claim that “publishers have full control over who they partner with, who they disclose to their users and who they obtain consent for.” But the IAB Europe documentation shows that adtech companies would remain entirely free to trade the personal data with their business partners if they wish. The proposed system would share a unique consent record “throughout the online advertising ecosystem”, every time an ad is loaded on a website:

“the OpenRTB request [from a website to an ad exchange] will contain the entire DaisyBit [a persistent cookie], allowing a vendor to see which other vendors are an approved vendor or a publisher and whether they have obtained consent (and for which purposes) and which have not.”

There would be no control over what happens to personal data once they enter the RTB system: “[adtech] vendors may choose not to pass bid requests containing personal data to other vendors who do not have consent”. This is a critical problem, because the overriding commercial incentive for many of the companies involved is to share as many data with as many partners as possible, and to share it with parent companies that run data brokerages. In addition, publishers are expected to trust that JavaScript in “ad creatives” is not dropping trackers, even though no tools to police this are proposed here.

IAB Europe is asking publishers and brands to expose themselves to the legal risk of routinely sharing these personal data with several thousand adtech companies. What publishers and brands need is a “trust no one” approach. IAB Europe is proposing a “trust everyone” approach. Indeed, the proposed system looks like the GDPR’s description of a data breach…

Someone's going to be in trouble with this.
publishing  adtech  gdpr 
23 hours ago by charlesarthur
The Nightmare Letter: A Subject Access Request under GDPR
"I had drafted a letter a few years ago detailing the worst kind of personal information access request that a Canadian company could receive under PIPEDA. I thought it might be useful to update that as a subject access request under GDPR, and present it as a worst-case situation (with thanks to Paul Breitbarth for reviewing this and offering some insights from a regulator's point of view)"
gdpr  european-union  data-retention 
yesterday by aidan
RT : Europe's New Privacy Law Will Change the Web, and More
privacy  gdpr  from twitter
yesterday by netweb
