IAB Europe statement on media reports on supplementary submissions to EU data protection authorities by Brave
Brussels, 28 January 2019 – We have taken note of media reports regarding an update to complaints made by ad-blocking browser developer Brave and Polish activist group Panoptykon Foundation to a number of European data protection authorities.
As with previous submissions made by Brave et al., we believe that: (1) the complaints are fundamentally misdirected at IAB Europe or the IAB Tech Lab; and (2) they fail to demonstrate any breach of EU data protection law.
- Technical standards developed by IAB Tech Lab are intended to facilitate the effective and efficient functioning of technical online advertising processes, such as real-time bidding. IAB Europe’s Transparency & Consent Framework helps companies engaged in online advertising to meet certain requirements under EU data protection and privacy law, such as informing users about how their personal data is processed. The responsibility to use technologies and do business in compliance with applicable laws lies with individual companies.
- The Content Taxonomy Mapping document cited by the complainants does not, as Brave and Panoptykon seem to contend, demonstrate that taxonomies of data types that would qualify as special categories of personal data (and are subject to stricter protections under EU data protection law) are used by individual companies; nor can it be considered to prove or demonstrate that any companies making use of those taxonomies are doing so without complying with applicable EU data protection or other law.
The complaints are akin to attempting to hold road builders accountable for traffic infractions, such as speeding or illegal parking, that are committed by individual motorists driving on those roads. Using this analogy, the complainants’ purported finding that EU data protection law is being breached is comparable to someone pointing out that an automobile is technically capable of exceeding the speed limit, or parking in a restricted area, and adducing this fact as “evidence” that it actually does. A technical standard may be misused to violate the law or used in a legally compliant way, just as a car may be driven faster than the speed limit or driven at or below that limit. The mere fact that misuse is possible cannot reasonably be used as evidence that it is actually happening. And the whole purpose of the Transparency & Consent Framework is to ensure it does not.
More information may be obtained from Matthias Matthiesen, Director, Privacy & Public Policy, IAB Europe (email@example.com) or Helen Mussard, Marketing & Business Strategy Director, IAB Europe (firstname.lastname@example.org).