Regulators Find Europe's Ad-Tech Industry Acted Unlawfully

After a years-long process, data protection officials across the European Union have ruled that Europe's ad tech industry has been operating unlawfully. Engadget reports: The decision, handed down by Belgium's APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent: IAB Europe. At the heart of this story is the use of the Transparency and Consent Framework (TCF), a standardized process to enable publishers to sell ad-space on their websites. This framework, set by IAB Europe, is meant to provide legal cover -- in the form of those consent pop-ups which blight websites -- enabling a silent, digital auction system known-as Real-Time Bidding (RTB). But both the nature of the consent given when you click a pop-up, and the data collected as part of the RTB process have now been deemed to violate the GDPR, which governs privacy rights in the bloc. The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding. Regulators have also handed down an initial fine of 250,000 euros to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appoint a dedicated Data Protection Officer. Until now, IAB Europe has maintained that it did not create any personal data, and said in December that it was a standards setter and trade association, rather than a data processor in its own right. IAB Europe says the ruling did not ban the use of Transparency and Consent Frameworks, adding that it's looking to reform the process and "submit the Framework for approval as a GDPR transnational Code of Conduct." According to Engadget, [I]t may launch a legal challenge to fight the accusation that it is a data controller, a decision it says will "have major unintended negative consequences going well beyond the digital advertising industry."

Read more of this story at Slashdot.