Blog

IAB Europe files challenge to APD validation of action plan

Julie Rubash, Chief Privacy Counsel
February 13, 2023

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

UNITED STATES


Biden Calls for Limits on Targeted Ads; IAB Issues Cautionary Response

In his State of the Union Address, U.S. President Biden called for bipartisan support to ban targeted advertising online for children and young people, to enact strong protections for childrens’ privacy, health and safety online, and to impose strong limits on targeted advertising and the personal data that companies collect on all Americans.

In response, the Interactive Advertising Bureau (IAB) Executive Vice President for Public Policy Lartease Tiffith issued a statement supporting data privacy, protecting kids online, and punishing bad actors, but warning that “blaming data and technology for complex problems, and restricting or eliminating digital advertising, could severely diminish the benefits of the internet for everyone.”

CONTEXT

Tiffith issued a similar statement in July 2022 in response to the House Energy and Commerce Committee’s passage of the American Data Privacy and Protection Act (ADPPA), which would have prohibited the collection or processing of “information identifying an individual’s online activities over time and across third party websites or online services” except for certain permitted purposes that did not include targeted advertising.

Tiffith stated that the IAB could not support the bill, emphasizing that “the average internet user enjoying speed and convenience would encounter a less friendly online environment” if such heavy regulations on targeted advertising were imposed. 


3 More States Introduce Comprehensive Privacy Bills, While Indiana Advances

TexasMinnesota and Maryland introduced comprehensive privacy legislation last week, bringing the total number of states with active comprehensive privacy legislation to 16 (with one, Mississippi, dropping off). All three new bills largely resemble existing privacy laws, although both the Minnesota and Maryland bills include a private right of action.

Maryland also saw introduction of a Children’s data bill, following a growing trend of states following in the footsteps of California’s Age Appropriate Design Code. Meanwhile, the Indiana Senate unanimously passed comprehensive privacy bill SB 5.

CONTEXT

Indiana SB 5, which resembles Virgnia’s VCDPA, was the early leader last year (as SB 358) as well.

Indiana was the first state in 2022 to advance a comprehensive privacy bill both past committee and through one chamber.

Ultimately though, the bill never reached a vote on the House floor and saw no activity after mid February.     

EUROPE


IAB Europe Seeks Action Plan Enforcement Stay, Pending CJEU Decision

IAB Europe announced that it has made a formal request to the Belgian Market Court to prevent the Belgian Data Protection Authority (APD) from enforcing changes to the IAB Europe’s Transparency and Consent Framework (TCF), pending a ruling from the Court of Justice of the European Union (CJEU).

This request comes in response to a January 2023 announcement from the APD approving IAB Europe’s action plan, triggering a 6-month timeline to implement changes to the TCF, despite that two questions fundamental to the underlying merits of the case are still pending with the CJEU.

IAB Europe argues that, if the CJEU finds that IAB Europe is not a controller or that the TCF’s Transparency and Consent String is not personal data (the two questions pending before the CJEU), the steps in the action plan premised on those findings would have to be rolled back, which would result in wasted resources and misled consumers. 

NEXT STEPS

If IAB Europe’s request is granted, the July 11, 2023 deadline to implement the action plan will cease to apply, pending the CJEU decision, which is not expected until late 2023 or 2024.

In the meantime, IAB Europe has said that it will move ahead with positive changes to the TCF that are less impacted by the referral to the CJEU. 

Follow our updates on the Belgian DPA and the TCF


EU Parliament Stresses Importance of Regulating Political Ad Targeting

The European Parliament issued a statement warning of the potential harms from political advertising, including the processing of sensitive personal data for political micro-targeting, and supporting EU rules on political advertising.

The Statement noted that political micro-targeting has been found to affect people’s rights, including freedom of opinion, access to objective, transparent and pluralistic information, and their ability to make political decisions. 

NEXT STEPS

The EU Parliament says it aims to reach an agreement on complementary rules to prevent abusive political advertising in time for the 2024 European elections. 

GLOBAL

Meta Fined in South Korea for Blocking Users Who Don’t Consent

The South Korea Personal Information Protection Commission (PIPC) reportedly imposed a 6.6 million won penalty on Meta based on allegations that Meta was blocking people from using Facebook and Instragram services if they refused consent to the collection of behavioral information and activities across unaffiliated websites.

The PIPC found this practice to violate South Korea’s Personal Information Protection Act, because the information was not necessary to provide Facebook and Instagram services, the purpose for which, PIPC found, “is for users to know news about and communicate with friends, not to view customized advertisements.”

BACKGROUND

This fine comes on the heels of a previous 30.8 billion won fine against Meta issued in late 2022, based on Meta’s failure to obtain user consent to collect personal information for online targeted ads.   

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

New Privacy Requirements Took Effect October 1 In Three States

October 7, 2024

New Privacy Requirements Took Effect In Montana, Maryland &...

[WEBINAR] Consent is not enough: Protecting against new U.S. privacy litigation risks

October 2, 2024

Join Sourcepoint and privacy litigation expert Matthew Pearson, Partner...

How Haymarket Uses Sourcepoint to Manage Vendor Compliance

October 1, 2024

Haymarket sought to elevate their level of compliance by...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]