GDPR AdTech Complaints in Europe⁚ A Growing Trend
GDPR adtech complaints keep stacking up in Europe. It’s a year since Europe’s General Data Protection Regulation (GDPR) came into force and leaky adtech is now facing privacy complaints in four more European Union markets. The first RTB complaints were filed in the UK and Ireland, last fall, by Dr Johnny Ryan of private browser Brave; Jim …
Todays filings extend the complaints initially filed in Ireland, the UK and Poland, to a total of seven EU countries. This week marks one year since the GDPR. We hope that this complaint sends a strong message to Google and those using Ad Tech solutions in their websites and products, said Gemma Galdon Cavell, CEO of Eticas.
Its a year since Europes General Data Protection Regulation came into force and leaky adtech is now facing privacy complaints in four more European Union markets.This ups the tally to seven …
Its a year since Europes General Data Protection Regulation (GDPR) came into force and leaky adtech is now facing privacy complaints in four more
The Rise of Complaints
GDPR adtech complaints keep stacking up in Europe. It’s a year since Europe’s General Data Protection Regulation (GDPR) came into force and leaky adtech is now facing privacy complaints in four more European Union markets. The first RTB complaints were filed in the UK and Ireland, last fall, by Dr Johnny Ryan of private browser Brave; Jim …
Todays filings extend the complaints initially filed in Ireland, the UK and Poland, to a total of seven EU countries. This week marks one year since the GDPR. We hope that this complaint sends a strong message to Google and those using Ad Tech solutions in their websites and products, said Gemma Galdon Cavell, CEO of Eticas.
Its a year since Europes General Data Protection Regulation came into force and leaky adtech is now facing privacy complaints in four more European Union markets.This ups the tally to seven …
Its a year since Europes General Data Protection Regulation (GDPR) came into force and leaky adtech is now facing privacy complaints in four more
The Impact of GDPR
The General Data Protection Regulation (GDPR) became enforceable on May 25th 2018. Since then, complaints against the AdTech industry are piling up, attacking intrusive tracking and profiling practices, unfairly obtained consent and insufficient legal basis, all of which we consider to infringe GDPR.
Europes water is under increasing pressure. … Under GDPR, only one EU countrys national data protection authority can handle legal cases involving cross-border data complaints. For Facebook …
Irelands evasive response to a major security complaint filed against Googles adtech the year the European Unions General Data Protection Regulation (GDPR) came into application is the …
Europes GDPR offers privacy groups new ways to challenge adtech And regulators are listening. Mar 23rd 2019. … has opened the way for a range of complaints about online advertising auctions.
The original complaint, which challenged the industrys compliance with Europes General Data Protection Regulation (GDPR), was filed in September 2018 by Jim Killock, executive director of …
IAB Europe and the TCF
A series of complaints were filed from commercial and civil society organisations across the UK and Europe in 2018 and 2019, most notably, that of Dr Johnny Ryan, formerly the chief policy and industry relations officer at Brave. These complaints targeted the TCF and challenged its conformity with the GDPR.
Belgiums Data Protection Authority (DPA) found on 2 February 2022 that IAB Europes Transparency and Consent Framework (TCF), which is used across the adtech industry, violated the GDPR. The DPA found that IAB Europe was responsible for the TCF, and gave it two months to develop an action plan to bring the framework into …
Since 2019, complaints have been filed against Interactive Advertising Bureau Europe (IAB), the trade group for the digital marketing and advertising ecosystem whose members include media …
After a years-long process, data protection officials across the European Union have ruled that Europes ad tech industry has been operating unlawfully. The decision, handed down by Belgiums APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent⁚ IAB Europe.
The Future of AdTech in Europe
Ryan and others have been filing formal complaints against RTB security issue for years, arguing the system breaches a core principle of Europes General Data Protection Regulation (GDPR …
Googles dominance of the online ad market has been targeted by another antitrust complaint filed in the European Union by a coalition of publishers. This time its the European Publishers …
This, it says in the complaints filed on Wednesday, violates the GDPRs requirement for personal data to be processed in a way that ensures they are properly secured, including against …
At the heart of this story is the use of the Transparency and Consent Framework (TCF), a standardized process to enable publishers to sell ad-space on their websites. This framework, set by IAB Europe, is meant to provide legal cover in the form of those consent pop-ups which blight websites enabling a silent, digital auction system known-as Real-Time Bidding (RTB). But both the nature of the consent given when you click a pop-up, and the data collected as part of the RTB process have now been deemed to violate the GDPR, which governs privacy rights in the bloc.
The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding.
The Legal Landscape
The General Data Protection Regulation (GDPR) became enforceable on May 25th 2018. Since then, complaints against the AdTech industry are piling up, attacking intrusive tracking and profiling practices, unfairly obtained consent and insufficient legal basis, all of which we consider to infringe GDPR.
Key GDPR Provisions
The complaints are being brought under the blocs data protection rules. Currently, Meta charges regional users 9.99/month on web (or 12.99/month on mobile) to opt out of seeing any …
Photo by Apu Gomes / GETTY IMAGES NORTH AMERICA / Getty Images via AFP A privacy campaign group on Monday lodged complaints against Elon Musks X in eight European countries over … Data Protection …
A Vienna-based privacy campaign group lodged complaints in eight European countries against Elon … landmark General Data Protection Regulation (GDPR). The GDPR aims to make it easier for people …
European Commissioner … along with complaints to data protection authorities. There are several legal bases for processing personal data under GDPR. On a practical level, these often come …
following complaints privacy activists made to European data protection authorities. Those activists say that, under the EUs General Data Protection Regulation (GDPR), Meta doesnt have a …
Data Protection Authorities (DPAs)
Sometimes, the company against which the complaint has been lodged processes data in different EU Member States. In this particular case, the competent DPA handles the complaint in cooperation with the DPAs based in the other EU Member States. This system, called the one-stop-shop mechanism, ensures complaints are handled more efficiently.
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the Second Report … dealing with trivial consumer complaints and not enough time on public …
Googles lead privacy regulator in the European Union has opened an investigation … the blocs General Data Protection Regulation (GDPR), has powers to levy fines of up to 4 of Alphabet …
Mozilla, the non-profit that develops the Firefox web browser, has been hit with a complaint by European Union privacy rights …
Vienna-based NOYB has filed a complaint against Firefoxs parent company Mozilla with the data protection authority of … […] […] [end of information from the Internet]
The One-Stop-Shop Mechanism
Despite the two year lead-in period before the GDPR, adtech companies have failed to comply. Our complaint should trigger a EU-wide investigation in to the ad tech industrys practices, using Article 62 of the GDPR. The industry can fix this. Ads can be useful and relevant without broadcasting intimate personal data.
Background. In September 2018, we started a challenge to surveillance advertising and the widespread illegality in the field of online advertising and tracking. Jim Killock from Open Rights Group and Dr Michael Veale from University College London filed a complaint to the Information Commissioners Office (ICO) against Real-Time-Bidding (RTB …
Europes water is under increasing pressure. … Under GDPR, only one EU countrys national data protection authority can handle legal cases involving cross-border data complaints. For Facebook .;.
Irelands evasive response to a major security complaint filed against Googles adtech the year the European Unions General Data Protection Regulation (GDPR) came into application is the …
Its a year since Europes General Data Protection Regulation came into force and leaky adtech is now facing privacy complaints in four more European Union markets.This ups the tally to seven …
Year | Complaint | Organization | Country | Outcome |
---|---|---|---|---|
2018 | Real-Time Bidding (RTB) | Open Rights Group and University College London | UK | Complaint filed with the Information Commissioners Office (ICO) |
2018 | Transparency and Consent Framework (TCF) | Dr Johnny Ryan (Brave) | Multiple (EU-wide) | Challenge to the TCF’s conformity with GDPR |
2019 | Google’s adtech practices | European Publishers’ Council | EU | Antitrust complaint filed against Google’s dominance in the online ad market |
2020 | Real-Time Bidding (RTB) | Dr Johnny Ryan (Brave) | Multiple (EU-wide) | Complaints filed in 7 EU countries, alleging the system breaches GDPR |
2022 | Transparency and Consent Framework (TCF) | Irish Council for Civil Liberties | EU | Belgiums DPA ruled that the TCF violated GDPR, ordering IAB Europe to rebuild the framework |
GDPR Article | Description | Relevance to AdTech Complaints |
---|---|---|
Article 5 | Lawfulness, fairness and transparency | Complaints often allege that adtech practices violate these principles, particularly regarding transparency and consent. |
Article 6 | Lawful basis for processing personal data | Complaints challenge whether adtech companies have a lawful basis for processing personal data, such as consent or legitimate interest. |
Article 13 | Information to be provided where personal data is collected from the data subject | Complaints highlight the lack of clear and concise information provided to users about how their data is being collected and used in adtech. |
Article 14 | Information to be provided where personal data is not collected from the data subject | Complaints emphasize the need for transparency when adtech companies obtain data about users from third parties. |
Article 17 | Right to erasure (“right to be forgotten”) | Complaints argue that users have a right to have their personal data erased from adtech systems. |
Key AdTech Terms | Definition | Relevance to GDPR Complaints |
---|---|---|
Real-Time Bidding (RTB) | An automated auction system where advertisers bid on ad space in real-time based on user data. | Complaints often focus on RTB as a mechanism for collecting and processing personal data without adequate consent and transparency. |
Transparency and Consent Framework (TCF) | A standardized framework designed to provide legal cover for adtech companies by allowing users to give consent to data collection and processing. | Complaints argue that the TCF fails to provide meaningful consent and is not compliant with GDPR requirements. |
TC String | A unique identifier that contains information about a user’s consent preferences, which is transmitted across adtech platforms. | Complaints raise concerns about the privacy implications of TC Strings, as they can be used to track and profile users across websites. |
Data Processor | An organization that processes personal data on behalf of another organization (data controller). | Complaints challenge the role of adtech companies as data processors and whether they are adequately protecting user data. |
Data Controller | An organization that determines the purposes and means of processing personal data; | Complaints often point to the lack of clear data controller responsibility within the adtech ecosystem. |
Relevant Solutions and Services from GDPR.Associates
GDPR.Associates is a leading provider of GDPR compliance solutions and services for businesses operating in Europe. We understand the complexities of the GDPR and the challenges it presents for adtech companies, and we are committed to helping our clients achieve compliance and protect their users’ privacy.
Our services include⁚
- GDPR audits and assessments⁚ We help you identify and address potential GDPR risks in your adtech operations.
- GDPR policy development⁚ We work with you to create and implement robust GDPR policies that meet the requirements of the regulation.
- GDPR training⁚ We provide comprehensive training for your employees on GDPR compliance and best practices.
- Data mapping and processing agreements⁚ We help you map your data flows and create data processing agreements that comply with GDPR requirements.
- Data breach response⁚ We provide guidance and support in the event of a data breach.
We have a team of experienced GDPR experts who are committed to providing you with the best possible service and support.
Contact us today to learn more about our GDPR solutions and services.
FAQ
Q⁚ What is the GDPR?
A⁚ The General Data Protection Regulation (GDPR) is a comprehensive data protection law adopted by the European Union (EU) that came into effect on May 25, 2018; It aims to protect the personal data of individuals within the EU and gives them more control over how their data is used.
Q⁚ Why are there so many GDPR complaints against adtech companies?
A⁚ Adtech companies collect and process vast amounts of personal data about users, often without their explicit knowledge or consent. This raises concerns about privacy violations and data security, making them a frequent target of GDPR complaints.
Q⁚ What are the consequences of violating the GDPR?
A⁚ Companies that violate the GDPR can face significant fines, up to €20 million or 4% of their annual global turnover, whichever is higher. They may also face other sanctions, such as data protection audits or orders to stop processing personal data.
Q⁚ What can adtech companies do to comply with the GDPR?
A⁚ Adtech companies need to implement a comprehensive GDPR compliance program that includes⁚
- Mapping their data processing activities
- Obtaining valid consent from users for data processing
- Ensuring transparency about data collection and use
- Implementing appropriate technical and organizational security measures
- Appointing a data protection officer (DPO)
Q⁚ What are the key challenges for adtech companies in complying with the GDPR?
A⁚ Adtech companies face significant challenges in complying with the GDPR, including⁚
- The complexity of the regulation and its broad scope
- The need to obtain valid consent for data processing in a transparent and user-friendly way
- The difficulty in managing data across multiple platforms and partners
- The potential impact on ad revenue and business models
Q⁚ What is the future of adtech in Europe under the GDPR?
A⁚ The GDPR is likely to continue to shape the adtech landscape in Europe, driving greater privacy protection and transparency. Adtech companies that fail to adapt to the evolving regulatory environment risk facing significant legal and financial consequences. This emphasizes the need for businesses to prioritize GDPR compliance and implement appropriate measures to protect user data and comply with the regulations.
The Court of Justice of the European Union (CJEU) has made a landmark decision (7 March 2024, C-604/22) on the intricacies of adtech, personal data, and joint control against the background of the General Data Protection Regulation (GDPR). In clarifying several points that make it relevant beyond adtech, the ruling⁚ Supports the existing view that data can only be considered anonymized if the …
Adtech breach widens, two years after first complaints September 22, 2020 9⁚30 am Two years since the first realtime bidding (RTB) complaints were lodged, regulators failure to act is allowing Google and IAB Europe to perpetuate the biggest data breach of all time, with abuse even more widespread and consumers highly personal …
Googles lead privacy regulator in the European Union has opened an investigation … the blocs General Data Protection Regulation (GDPR), has powers to levy fines of up to 4 of Alphabet …
Its a year since Europes General Data Protection Regulation (GDPR) came into force and leaky adtech is now facing privacy complaints in four more European Union markets. This ups the tally to seven …
Googles dominance of the online ad market has been targeted by another antitrust complaint filed in the European Union by a coalition of publishers. This time its the European Publishers …
Some of the instruments produced within the Council of Europe have played a decisive role in the teaching of so-called foreign languages by promoting methodological innovations and new approaches to …
Is this a farewell to consent pop-ups, which officials say dont work?
Wed, Feb 2, 2022, 7⁚57 AM 3 min read
After a years-long process, data protection officials across the European Union have ruled that Europes ad tech industry has been operating unlawfully. The decision, handed down by Belgiums APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent⁚ IAB Europe.
This article highlights a crucial issue: the lack of privacy protection in adtech. It
The article provides a valuable insight into the ongoing battle for data privacy. It
The article provides a clear overview of the growing number of GDPR complaints against adtech companies. It
This is a significant development in the fight for online privacy. The increasing number of complaints shows that consumers are becoming more aware of their rights and willing to take action.
This article is a wake-up call for adtech companies. They need to prioritize data privacy and comply with GDPR regulations.
This is a timely and informative article. It
This is a significant development in the fight for online privacy. It
The article highlights the importance of consumer awareness in protecting online privacy. It
The article raises important questions about the effectiveness of GDPR in regulating adtech. It
The article highlights the importance of consumer activism in protecting online privacy. It
It
The article sheds light on the complexities of data privacy in the digital age. It
This article is a reminder that we need to be proactive in protecting our online privacy. It
This article is a reminder that we need to be vigilant about protecting our online privacy. It
This is a positive development for online privacy. It
The article raises important concerns about the potential for adtech companies to exploit user data. It