Week in Review
This week, we have some top news for you from the world of privacy.
Among the trending news, the Belgian DPA has issued a final decision in the IAB Europe case. The authority found that the IAB Europe and the TCF do not comply with many of the GDPR’s obligations and gave IAB Europe two months to provide a corrective action plan.
The DPA concluded that IAB Europe operates as a data controller and can be held responsible for potential GDPR violations due to data processing under the TCF, which facilitates the administration of users’ preferences for online customised advertising.
Join seers privacy webinar for more information on “Cookie Compliance – Emerging Challenges And their Solutions.” You can register for the webinar here.
The Belgian DPA noted that IAB Europe had been found in violation of the following rules:
- Failure to establish a legal basis for the processing of personal data
- Given the TCF’s complexity, failure to fully educate data subjects on the nature and scope of processing
- Failure to keep track of processing activities
- Non-appointment of a Data Protection Officer
- Failure to have a Data Protection Impact Assessment
In addition, the Belgian DPA found that IAB Europe, consent management platforms (CMPs), publishers, and collaborating AdTech vendors should also be considered joint data controllers to collect and process the consent preference of the data subject.
Top Stories and Updates
EU: EDPB publishes guidelines on data subject rights – Right of access
On 28 January, 2022, the European Data Protection Board (EDPB) announced on Twitter that it had released Guidelines 01/2022 on data subject rights – Right of access. According to the EDPB, the Guidelines aim to analyse various aspects of access and provide more accurate guidance on how the right of access should be implemented in multiple scenarios. Read more here.
Google releases a differential privacy tool to celebrate Data Privacy Day
On January 28, Google announced a new differential privacy tool to coincide with Data Privacy Day, which it says will allow businesses to better “tune the parameters used to produce differentially private information.” An example of applying a differential privacy model will be looking at a website’s most viewed web pages on a per-country basis in an aggregate and anonymised manner way. Read more here.
Italy: Garante fines Enel Energia €26.5M under GDPR for multiple data protection violations
The Italian data protection authority (Garante) fined an energy supplier company, Enel Energia, 26.5 million euros for its aggressive telemarketing under the General Data Protection Regulation (GDPR). According to the Italian DPA judgment, the company used users’ data without their consent and failed to respect the concept of accountability. According to the GDPR Enforcement Tracker, it is the sixth-largest fine imposed by an EU data regulator under the GDPR and the second-largest #penalty issued by the Italian data protection authority. Read more here.
Privacy Webinar Series “Cookie Compliance – Emerging Challenges And their Solutions”
Seers is hosting the privacy webinar on “Cookie Compliance – Emerging Challenges And their Solutions” on February 23 at 16:00 GMT with kay speakers:
Jamal Ahmed (Chief Executive Officer at Kazient Privacy Experts),
Miki Fainberg (Head of Privacy Operations at PrivacyTeam), and
Adnan Zaheer (Chief Executive Officer at Seers).
The aim of the webinar is to discuss the latest advancements and challenges related to cookie compliance, and their impact on businesses, especially on the AdTech industry. It will cover the topics related to:
- The IAB TCF Europe non-compliance with GDPR,
- Google & Facebook fined for violating cookie laws
- EDPB’s instructions on data subject’s right of access
Our expert will also present you with some solutions to address them while staying compliant with the updated cookie laws.
Please Register here
Request a free demo