Aug 02, 2022
In Welcome to the Arts Forum
The two main problems are that IAB has not requested sufficient consent for the TC String and that insufficient information was given about what happened to the personal data. The ruling in Belgium applies to all of Europe, because mutual agreements have been made about the enforcement of cross-border infringements. What does this mean? Cookies for advertising 80% of European websites would use IAB's cookie pop-up. IAB's system is, among other things, linked to a Real Time Bidding system, with which advertisements can be placed based on data from website visitors. Visitors are thus shown advertisements specifically aimed at them. The TC String is personal data IAB Europe used so-called Transparency and Consent Strings , or TC Strings. This is a string of characters with which the preferences of the website visitor are stored and passed on. This TC String and a cookie that is placed are linked to the IP job function email list address of the visitor. As a result, the TC String itself has also become personal data. Compare it, for example, with a license plate. The license plate itself doesn't say much. But as soon as you know whose name it is, that license plate has also become personal data. It is then no longer just a number, but you know who the number belongs to. Following IAB, a TC String is not personal data, as it is just a string of characters. The Belgian Data Protection Authority therefore thinks otherwise, because of the link to the IP address and a cookie. Consent is missing If personal data is processed or collected information, such as preferences, is linked to other personal data, permission is sometimes required. IAB believed that it was allowed to process the personal data on the basis of its legitimate interest. Sometimes it is indeed the case that you can make a balancing of interests, in which you weigh the privacy interests against the marketing interests.