IAB Europe, an association for online advertising companies, was fined €250,000 and handed an ultimatum by Belgium’s data watchdog for developing an ad-targeting tool that violated the region’s privacy law.
“Harsh sanctions” were necessary because the tool “could, for a large group of citizens, lead to a loss of control over their personal data,” Belgium’s data protection agency said in an emailed statement on Wednesday.
In addition to the fine, the ad group was ordered to put in place a "series of remedies" to comply with European Union rules.
The findings stemmed from proceedings initiated by complainants at the Belgian Data Protection Authority, coordinated by the Irish Council for Civil Liberties.
"This has been a long battle", said Dr Johnny Ryan of the Irish Council for Civil Liberties.
“Today’s decision frees hundreds of millions of Europeans from consent spam, and the deeper hazard that their most intimate online activities will be passed around by thousands of companies”.
IAB Europe’s so-called Transparency and Consent Framework enables websites and publishers to obtain the consent of users for the processing of their personal data for targeted advertising goals.
Real-time bidding
The tool is especially aimed at facilitating real-time bidding, an advertising technology used by publishers. Companies such as Google have come under increased scrutiny in Europe over the allegedly harmful way people's data is being processed in advertising transactions.
Google is also the focus of an Irish investigation into its data use in advertising transactions and announced changes to real-time bidding to better protect people’s privacy.
IAB Europe said it had “grave reservations” about the authority’s decision. The group rejected the regulator’s finding that IAB Europe can be held responsible over this data, saying that this “will have major unintended negative consequences going well beyond the digital advertising industry.”
It said it’s “considering all options” for a legal challenge. The EU’s General Data Protection Regulation came into effect in May 2018 and empowered national data watchdogs to levy fines of as much as 4 per cent of a company’s annual sales for the most serious violations. – Bloomberg