IAB Europe fails to answer Irish Data Protection Commission
IAB Europe fails to answer questions from Irish Data Protection Commission arising from formal GDPR complaint by Brave’s Dr Ryan against IAB Europe’s “forced consent” and consent walls.
Dublin, Ireland, 9 August 2019 —- Today, the Irish Data Protection Commission informed Dr Johnny Ryan of Brave, the private web browser, that IAB Europe has failed to respond to its questions concerning his GDPR complaint against IAB Europe’s unlawful cookie wall.
Despite multiple attempts to obtain a response, IAB Europe has failed to reply to the Irish Data Protection Commission.
Simon McGarr of McGarr Solicitors, who are acting for Dr. Ryan, said: “It is both surprising and concerning that the body representing internet advertisers at an EU level simply ignored multiple formal contacts from the Irish Data Protection Commission.
Our client’s complaint represents a significant challenge to the IAB. That their first response has been a blunt refusal or failure to engage with the regulatory process does not engender confidence them as a model of data protection compliance for their members.”
IAB Europe has put itself forward as a primary designer of the online tracking industry’s data protection notices, creating the deeply flawed “IAB Transparency and Consent Framework”.
IAB Europe has also issued incorrect guidance to major media organizations, tracking companies, and advertising technology companies, wrongly asserting that they can lawfully force visitors to their sites to consent to 3rd party tracking.
“It is now clear the advertising industry cannot rely on IAB Europe for GDPR guidance”, said Dr Ryan. “IAB Europe’s own website infringes the GDPR as soon as one visits it, and it refuses to answer formal contacts from GDPR regulators”.
The Irish Data Protection Commission has now transferred the complaint to the Belgian Data Protection Authority under the GDPR “One Stop Shop” mechanism. The Belgian Data Protection Authority will attempt to make contact directly with IAB, and will update the Irish DPA on what response they receive. Under the GDPR, the Belgian Data Protection Authority has the power to compel answers from IAB Europe.
See more detail about the formal complaint against IAB Europe’s cookie wall here: https://brave.com/iab-cookie-wall/
This is the second formal GDPR complaint made by Dr Ryan of Brave against IAB Europe. Separately, he has initiated a series of GDPR complaints against the IAB and Google’s online advertising auctions “RTB” system. The RTB system broadcasts Internet users web browsing information among thousands of companies. The RTB complaints now extend to 16 European countries, in collaboration with NGOs across the European Union. So far, this has triggered a statutory investigation of Google on suspicion of infringement of the GDPR, and the UK ICO has closely echoed Dr Ryan’s expert report in its own report on unlawful data use by adtech companies.