Adtech industry body IAB Europe is facing down another data protection complaint from Brave browser bod Johnny Ryan, this time over the all-encompassing cookie wall stalking its site.
The complaint, filed today in Ryan’s home nation of Ireland, seeks to win a long-running argument between privacy activists and the tracking industry over methods employed to force users to choose between cookies and accessing a website.
On trying to enter the IAB’s site, users are faced with a total cookie wall, not just a banner, that requires them to click “I agree” to the use of cookies from IAB Europe and third parties in order to enter.
A notice says these cookies are for functional and analytic purposes, and that some of those deployed by third parties may be used for targeted advertising.
None shall pass. Not without cookies, at least
Ryan’s complaint contends that IAB’s cookie wall and the mode it uses to gain “consent” from users before they can access content on the site falls foul of the General Data Protection Regulation (GDPR) and the e-Privacy Directive.
Moreover, he argues that, as the body that designs the adtech industry’s data protection notices, the IAB has spread a notion that this kind of cookie wall is GDPR compliant – making it a systemic issue.
Ryan – who is also challenging the IAB over the amount of personal data transferred in real-time bidding ad auctions in a bid to fix the systems – wants to see the Irish Data Protection Commissioner not only crack down on the IAB’s processing of data collected through the cookie wall, but also launch a broader probe of the body’s compliance with data protection laws.
The submission follows a ruling last month from the Dutch data protection authority that stated using take-it-or-leave-it cookie walls didn’t collect freely given consent from users, because there isn’t a genuine choice – they have to accept tracking to enter the site.
At the time, the IAB’s Matthias Matthiesen said in a firey Twitter spat with Ryan and other privacy activists that there was “nothing in either the GDPR or the ePrivacy Directive that prohibits so-called cookie walls (or consent walls for that matter)”.
He went on to say that there was “nothing new to discuss” after the Dutch ruling, and wouldn’t be unless “the Court of Justice of the EU pipes up and introduces new relevant information to consider”.
By asking the Irish commissioner to step in, Brave’s Ryan has escalated the war of words to the authorities – and aims to make IAB Europe rethink its guidance to the multitude of organisations it works with.
“This complaint will make it plain that the media and advertising industry should not rely on IAB Europe for GDPR guidance,” Ryan said in a statement.
“IAB Europe has…