Blog
TikTok Pauses Legitimate Interest for Targeted Ads After Warning from DPAs
July 18, 2022
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
EUROPE
TikTok Pauses Legitimate Interest for Targeted Ads After Warning from DPAs
TikTok has reportedly agreed to pause planned updates to its privacy policy that would have claimed legitimate interest for targeted advertising without consent.
Italy’s DPA, the Garante, issued a warning to TikTok that the change would violate the ePrivacy Directive and GDPR, and the Irish Data Protection Commission has reportedly engaged with TikTok regarding the change.
WHY IT MATTERS
Legitimate interest is one legal basis for processing under the GDPR, which can only be relied upon where:
(a) the processing is necessary for legitimate interests pursued by the controller or by a third party; and
(b) such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
In determining whether legitimate interest can apply, controllers are expected to carry out a careful assessment, including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.
The GDPR also grants data subjects the right not to be subject to certain decisions based on automated processing, including profiling, without the data subject’s consent, unless necessary for performing a contract or unless authorized by Member State law.
In addition to GDPR, in jurisdictions where the ePrivacy Directive has been adopted, organizations may be unable to rely on legitimate interest as a legal basis for the use of non-strictly-necessary cookies or other local storage, even if legitimate interest would have been an acceptable legal basis under GDPR.
According to the Garante’s warning, TikTok’s administration of personalized commercial advertising, at least to the extent based on information stored on the user’s device, cannot legally be based on legitimate interest under the ePrivacy Directive, and to the extent the processing constitutes automated decision-making or profiling, cannot be based on legitimate interest under the GDPR.
EU Parliament Holds Hearing on Targeted Political Advertising
The European Parliament’s Committees on Internal Market and Consumer Protection and Civil Liberties Justice and Home Affairs held a joint hearing on transparency and targeting of political advertising.
The purpose of the hearing was to determine how to structure rules around political advertising, including whether to ban targeting outright and the extent to which online platforms should be held accountable.
Testimony in favor of banning or restricting political advertising stressed that political advertisements were malicious and manipulative, that some algorithms were designed with bias to reinforce user views, that Cambridge Analytica operated to rig the Brexit referendum process, and that clear definitions of what data can be stored and used are necessary.
WHY IT MATTERS
The hearing came in response to a proposal for a regulation on the transparency and targeting of political advertising, which proposes rules that would apply to all controllers making use of targeted political advertising.
If approved, the regulation would enter into force by April 2023, a year before the 2024 elections to the European Parliament.
ICO Rolls Out 3-Year Strategic Plan
The UK Information Commissioner’s Office (ICO) published a report titled ICO25 detailing the ICO’s strategic plan for the next three years.
The plan focuses on empowering people, including looking at predatory marketing calls, algorithms in the benefits system, AI in recruitment, and children’s privacy.
The plan also emphasizes certainty and flexibility for businesses.
WHY IT MATTERS
Of note to the digital advertising industry, the plan’s Annual Action Plan for October 2022 to October 2023 includes influencing the phasing out of third-party cookies, working to give web users meaningful control over how they are tracked online, moving away from cookie pop-ups, and exploring the use of targeted advertising of gambling on social media.
USA
FTC Issues Statement re Sensitive Data / Anonymization / Misuse
A post on the Federal Trade Commission’s business blog made clear its commitment to “vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data”.
The post cautioned that making claims about anonymization can be a deceptive trade practice if untrue, for example if the data can be re-identified, especially in the context of location data.
The post also reminded companies of recent cases against OpenX, Weight Watchers and CafePress for, respectively, collecting children’s location data without parental consent, indefinitely retaining sensitive consumer data and failing to respect consumer deletion requests.
WHY IT MATTERS
This post is consistent with the FTC’s 2021 resolutions committing to focus its enforcement efforts on certain core areas of focus, including acts or practices affecting children and deceptive and manipulative conduct on the Internet.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
FTC and Sensitive Location Data; New Pen Register Class Actions
December 9, 2024FTC takes action against the sale of sensitive data...
California CPPA Issues Notice of Proposed Rulemaking
November 25, 2024News out of California this week. The CPPA moved...
Mitigating risk under the Video Privacy Protection Act (VPPA)
November 23, 2024Because VPPA is just one of many tools being...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.