Formal GDPR complaint against IAB Europe’s “cookie wall” and GDPR consent guidance
19 days ago by jm
Fantastic :) A formal complaint has been filed with the Irish Data Protection Commission against IAB Europe, the tracking industry’s primary lobbying organization:dpc ireland brave iab-europe iab cookies tracking gdpr law eu
Tracking and cookie walls:
Visitors to IAB Europe’s website, www.iabeurope.eu, are confronted with a “cookie wall” that forces them to accept tracking by Google, Facebook, and others, which may then monitor them. Dr. Ryan has complained to the Irish Data Protection Commission that this is a breach of the GDPR, which protects people in Europe from being forced to accept processing for their data for any purpose other than the provision of the requested service.
“One should not be forced to accept web-wide profiling by unknown companies as a condition of access to a website”, said Dr Johnny Ryan of Brave. “This would be like Facebook preventing you from accessing the Newsfeed until you have clicked a button permitting it to share your data with Cambridge Analytica.”
Simon McGarr of McGarr Solicitors, who has worked on data protection cases for Digital Rights Ireland, represents Dr Ryan in his complaint. Mr McGarr said “Where companies rely on consent to process people’s data it is critical that this is more than a box ticking exercise. For consent to be valid, it must be freely given, informed, specific and unambiguous. There’s nothing intrinsically good or bad in cookie technology – what matters is ensuring it’s applied in a way which respects individuals’ rights.”
Challenging IAB Europe’s industry guidance on the GDPR:
The complaint to the Irish Data Protection Commission will also test IAB Europe’s GDPR guidance to the online advertising industry. IAB Europe has put itself forward as a primary designer of the online tracking industry’s data protection notices. It has told major media organizations, tracking companies, and advertising technology companies that they can sidestep the GDPR, and rely instead on the ePrivacy Directive, which IAB Europe has interpreted as more lax in protecting personal data.
IAB Europe has widely promoted the notion that access to a website or app can be made conditional on consent for data processing that is not necessary for the requested service to be delivered, despite the clear requirements of the GDPR, and statements from several national data protection authorities, that say otherwise.
“This complaint will make it plain that the media and advertising industry should not rely on IAB Europe for GDPR guidance”, said Dr Ryan.
19 days ago by jm
Copy this bookmark: