A significant court ruling from Belgium has caused a stir in the European advertising industry: the collection of user data via so-called cookie banners to display personalised advertising is not compatible with the General Data Protection Regulation (GDPR). The European Court of Justice had previously ruled that the generated ‘consent string’ - a digital code that stores user decisions on data processing - must be categorised as personal data.
The technology behind it, the "Transparency and Consent Framework" (TCF), was developed by the industry association IAB Europe and is still the basis of many advertising systems in the EU today. However, the procedure is now finally on shaky ground: The Belgian judges came to the conclusion that data was collected via this system without a legally viable basis - and that those affected were not sufficiently informed about its use.
Although a fine previously imposed on the association was cancelled for formal reasons, the substantive assessment remains in place: The use of the previous framework violates applicable data protection law. Although IAB Europe has announced a revised version, companies that relied on the old system could still face sanctions in future. This is because practically every targeted advert in the EU has so far been based on this technology - with unclear legal consequences.
Source: www.onlinehaendler-news.de