Weekly Privacy Update: 4th February 2022

Week‌ ‌in‌ ‌Review‌

This week, we have some top news for you from the world of privacy. 

Among the trending news, the Belgian DPA has issued a final decision in the IAB Europe case. The authority found that the IAB Europe and the TCF do not comply with many of the GDPR’s obligations and gave IAB Europe two months to provide a corrective action plan. 

The DPA concluded that IAB Europe operates as a data controller and can be held responsible for potential GDPR violations due to data processing under the TCF, which facilitates the administration of users’ preferences for online customised advertising. 

Join seers privacy webinar for more information on “Cookie Compliance – Emerging Challenges And their Solutions.” You can register for the webinar here

The Belgian DPA noted that IAB Europe had been found in violation of the following rules: 

  • Failure to establish a legal basis for the processing of personal data
  • Given the TCF’s complexity, failure to fully educate data subjects on the nature and scope of processing 
  • Failure to keep track of processing activities
  • Non-appointment of a Data Protection Officer
  • Failure to have a Data Protection Impact Assessment 

In addition, the Belgian DPA found that IAB Europe, consent management platforms (CMPs), publishers, and collaborating AdTech vendors should also be considered joint data controllers to collect and process the consent preference of the data subject. 

Top Stories and Updates 

EU: EDPB publishes guidelines on data subject rights – Right of access 

On 28 January, 2022, the European Data Protection Board (EDPB) announced on Twitter that it had released Guidelines 01/2022 on data subject rights – Right of access. According to the EDPB, the Guidelines aim to analyse various aspects of access and provide more accurate guidance on how the right of access should be implemented in multiple scenarios. Read more here

European Commission gives WhatsApp one month to clarify its privacy policy change

The European Commission has given WhatsApp until the end of February to explain changes to its privacy policy and whether they comply with EU privacy regulations. The European Consumer Organisation and eight of its members complained to European authorities that WhatsApp was unfairly asking users to accept its new privacy policy, allowing it to share data with its parent company, Facebook. Read more here

Google releases a differential privacy tool to celebrate Data Privacy Day

On January 28, Google announced a new differential privacy tool to coincide with Data Privacy Day, which it says will allow businesses to better “tune the parameters used to produce differentially private information.” An example of applying a differential privacy model will be looking at a website’s most viewed web pages on a per-country basis in an aggregate and anonymised manner way. Read more here

Italy: Garante fines Enel Energia €26.5M under GDPR for multiple data protection violations 

The Italian data protection authority (Garante) fined an energy supplier company, Enel Energia, 26.5 million euros for its aggressive telemarketing under the General Data Protection Regulation (GDPR). According to the Italian DPA judgment, the company used users’ data without their consent and failed to respect the concept of accountability. According to the GDPR Enforcement Tracker, it is the sixth-largest fine imposed by an EU data regulator under the GDPR and the second-largest #penalty issued by the Italian data protection authority. Read more here

Privacy Webinar Series “Cookie Compliance – Emerging Challenges And their Solutions” 

Seers is hosting the privacy webinar on “Cookie Compliance – Emerging Challenges And their Solutions” on February 23 at 16:00 GMT with kay speakers: 

Jamal Ahmed (Chief Executive Officer at Kazient Privacy Experts), 

Miki Fainberg (Head of Privacy Operations at PrivacyTeam), and  

Adnan Zaheer (Chief Executive Officer at Seers). 

The aim of the webinar is to discuss the latest advancements and challenges related to cookie compliance, and their impact on businesses, especially on the AdTech industry. It will cover the topics related to:  

  • The IAB TCF Europe non-compliance with GDPR, 
  • Google & Facebook fined for violating cookie laws 
  • Garante’s guidelines on the use of cookies and other tracking technologies
  • EDPB’s instructions on data subject’s right of access 

Our expert will also present you with some solutions to address them while staying compliant with the updated cookie laws. 

Please Register here

Request a free demo

Don’t Risk €20 Million in Fines
—Ensure Compliance Today

Worth €30/Month