"Cookiebanner" violating regulations ?!
Posted: Thu Mar 31, 2022 5:38 pm
On the 2nd February 2022 Belgiums Authority for Data Protection decided, that Cookiebanners are violating the GDPR.
The Authority punished the organization IAB Europe (which has developed the underlying framework TCF several years ago) with a fine of 250.000,- Euro.
The decision: https://www.autoriteprotectiondonnees.b ... nglish.pdf
IAB itself has appealed against that decision: https://iabeurope.eu/all-news/iab-europ ... ty-ruling/
In detail, the Inspection Service finds that IAB Europe is in breach of the following legal provisions
and principles of the GDPR with its Transparency and Consent Framework:
▪ Articles 5.1.a and 5.2 (principles of fairness, transparency and accountability)
▪ Article 6.1 (lawfulness of processing);
▪ Article 9.1 and 9.2 (processing of special categories of personal data);
▪ Article 12.1 (transparency of information, communications and modalities for
exercising data subjects' rights);
▪ Article 13 (information to be provided when personal data have been obtained from
the data subject);
▪ Article 14 (information to be provided when personal data have not been obtained
from the data subject);
▪ Article 24.1 (responsibility of the data controller);
▪ Articles 32.1 and 32.2 (security of processing)
Outside the scope of the complaints, the Inspection Service also finds additional
infringements of the following provisions of the GDPR:
▪ Article 30 (register of processing activities);
▪ Article 31 (cooperation with the supervisory authorities);
▪ Article 24.1 (responsibility of the data controller);
▪ Article 37 (appointment of a data protection officer.
Article about that all (in German): https://www.zeit.de/digital/2022-03/coo ... atenschutz
The Authority punished the organization IAB Europe (which has developed the underlying framework TCF several years ago) with a fine of 250.000,- Euro.
The decision: https://www.autoriteprotectiondonnees.b ... nglish.pdf
IAB itself has appealed against that decision: https://iabeurope.eu/all-news/iab-europ ... ty-ruling/
In detail, the Inspection Service finds that IAB Europe is in breach of the following legal provisions
and principles of the GDPR with its Transparency and Consent Framework:
▪ Articles 5.1.a and 5.2 (principles of fairness, transparency and accountability)
▪ Article 6.1 (lawfulness of processing);
▪ Article 9.1 and 9.2 (processing of special categories of personal data);
▪ Article 12.1 (transparency of information, communications and modalities for
exercising data subjects' rights);
▪ Article 13 (information to be provided when personal data have been obtained from
the data subject);
▪ Article 14 (information to be provided when personal data have not been obtained
from the data subject);
▪ Article 24.1 (responsibility of the data controller);
▪ Articles 32.1 and 32.2 (security of processing)
Outside the scope of the complaints, the Inspection Service also finds additional
infringements of the following provisions of the GDPR:
▪ Article 30 (register of processing activities);
▪ Article 31 (cooperation with the supervisory authorities);
▪ Article 24.1 (responsibility of the data controller);
▪ Article 37 (appointment of a data protection officer.
Article about that all (in German): https://www.zeit.de/digital/2022-03/coo ... atenschutz