Blog
Week of September 27, 2021
October 3, 2021
–
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
EUROPE
EDPB Creates Cookie Banner Taskforce
The European Data Protection Board announced a taskforce to allow supervisory authorities to exchange views and coordinate responses to GDPR cookie banner complaints.
OUR TAKE
The creation of this taskforce comes after Austrian privacy watchdog None of Your Business (noyb) filed over 400 GDPR complaints across several jurisdictions alleging non-compliant cookie banners. Chapter 7 of the GDPR requires cooperation between supervisory authorities and calls on the Board to ensure the consistent application of the Regulation
IAB Europe Steps Up TCF Policy Enforcement
Digiday reported that the Interactive Advertising Bureau in Europe (IAB Europe) has, in the last six months, temporarily suspended “one or two” consent management platforms from participation in the association’s Transparency and Consent Framework (TCF). Participants are required to comply with certain policies to participate in TCF, and the association has reportedly been issuing warning letters and extending suspensions to non-compliant platforms.
OUR TAKE
Last month, the IAB Europe implemented its new TCF Vendor Compliance Program to start enforcing its policies against non-compliant adtech Vendors registered with the TCF. The Vendor policy, like the CMP policy, also allows for suspension in the event of uncured breach. The recent CMP enforcement in combination with the new Vendor policy sends a strong message to participants to take the policies seriously.
Italy DPA Investigates Microphone Data Collection for Ad Use
The Garante, Italy’s Data Protection Authority, announced that it has launched an investigation into the use of app users’ microphones to collect spoken information about users’ tastes, projects, travels or desires for purposes of serving targeted advertisements. The Authority will be examining a series of the most downloaded apps to ensure information provided to users is clear and transparent and that consent has been correctly acquired.
OUR TAKE
Although cookies have dominated the advertising industry’s privacy compliance focus, the Garante’s investigation highlights the importance of ensuring proper notice and consent is extended for all types of data collection related to an identified or identifiable person
USA
minnesota latest state to consider privacy act
The Minnesota House Commerce Finance and Policy Committee held an informational meeting to discuss HF1492, which would implement the Minnesota Consumer Data Privacy Act. The bill, if passed, would extend basic data privacy rights, such as the right to know, correct, and delete personal data, and the right to restrict “profiling” or usage.
It would also provide the rights to opt out of the processing of personal data for targeted advertising and the sale of personal data or profiling. Opt-in consent would be required for processing of certain sensitive data.
The informational meeting agenda included testimony from representatives of the Future of Privacy Forum, DLA Piper, and the Uniform Law Commission (all authors of the bill) as well the National Association of Advertisers and other interested parties. Informational documentation, including a research summary and written testimony from advertising and marketing trade associations, the Internet Association, and TechNet, among others, were made available leading up to the meeting.
The testimony from the ad trade organizations (IAB, NAI, DAA, ANA, AAF, 4A’s) suggested that the legislature narrow the opt-in requirement to only apply where the processing has significant effects on the consumer and add exclusions from the opt-out requirements for certain essential ad operations, such as ad delivery, reporting and fraud prevention, bringing the Act more in line with Colorado and Virginia privacy laws.
WHY IT MATTERS
The Minnesota House is adjourned until January 2022, so it will be some time until we see any action on this bill; however, this informational session, coupled with a companion bill in the Senate, demonstrates momentum to prioritize privacy legislation for 2022.
Former FTC Officials Encourage Privacy Funding
Former FTC officials testified at a U.S. Senate Commerce, Science and Transportation committee hearing regarding FTC resources for privacy enforcement.
The former officials all supported more resources at the FTC and a new bureau focused on privacy and data protection, with one former official stating that “The FTC is critically under-resourced to oversee the nation’s myriad or privacy and cybersecurity issues”, that “their resources pale in contrast to their counterparts in other countries” and that the proposals are “a strong step forward at providing the commission with new resources it needs desperately to effectively protect consumers in the digital economy.”
OUR TAKE
Several U.S. Senate Democrats have been pushing for FTC rulemaking and funding around privacy, as well as privacy legislation, from various angles in recent months, including through a letter to the FTC last month urging rulemaking around the collection and use of personal data in the digital economy, as well as promotion of the Build Back Better Act, which (among other things) would extend $1 billion to the FTC for privacy rulemaking and enforcement. The Build Back Better Act, a budget reconciliation bill with implications far beyond the FTC, is reportedly caught up in intra-party debate among House Democrats.
Watchdog Proposes Banning Surveillance Advertising
Accountable Tech, a nonprofit watchdog, filed a petition with the FTC encouraging the agency to prohibit “surveillance advertising” as an unfair method of competition.
Accountable Tech defined surveillance advertising as consisting of two elements: (1) an information or communication platform collecting personal data and (2) targeting advertisements at users, based on that personal data, as they traverse the internet, including other digital platforms.
The organization suggested that, under their proposal, search and contextual advertising would be legitimate, while digital information and communication services would be barred from either collecting or (alternatively) sharing personal data for the purpose of determining to whom advertisements would be displayed.
OUR TAKE
Although the FTC has demonstrated some heightened attention to data protection in the digital advertising industry in recent months, it has resolved to focus its rulemaking and enforcement authority on certain core priority areas, such as dark patterns, algorithmic bias, conduct harmful to children, and monopolistic practices, which demonstrates a narrower and more nuanced approach than that proposed by Accountable Tech.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
FTC and Sensitive Location Data; New Pen Register Class Actions
December 9, 2024FTC takes action against the sale of sensitive data...
California CPPA Issues Notice of Proposed Rulemaking
November 25, 2024News out of California this week. The CPPA moved...
Mitigating risk under the Video Privacy Protection Act (VPPA)
November 23, 2024Because VPPA is just one of many tools being...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.