• Login
  • Register
  • PRO
    • Explore all PRO content
    • PRO subscription plans
    • Curated articles
    • In-depth
    • Market intelligence
    • Practice guides
    • Lexology GTDT
    • Ask Lexy
  • PRO
  • Latest
  • GTDT
  • Research
  • Learn
  • Webinars
  • Instruct
  • Store
  • Blog
  • Events
  • Popular
  • Influencers
  • About
  • Compare
  • Topics
  • Intelligence
  • Guides
Getting The Deal Through joins Lexology
GTDT and Lexology Navigator have merged

CONTENT DEVELOPMENT

Become your target audience’s go-to resource for today’s hottest topics.

  • Trending Topics New
  • Discover Content
  • Horizons Beta
  • Ideation

CLIENT INTELLIGENCE

Understand your clients’ strategies and the most pressing issues they are facing.

  • Track Sectors
  • Track Clients
  • Mandates New
  • Discover Companies
  • Insight Reports

COMPETITOR INTELLIGENCE

Keep a step ahead of your key competitors and benchmark against them.

  • Benchmarking
  • Competitor Mandates Coming soon

Lexology PRO

Power up your legal research with modern workflow tools, AI conceptual search and premium content sets that leverage Lexology's archive of 900,000+ articles contributed by the world's leading law firms. 

Explore all PRO content

Premium content

  • Curated articles
  • In-depth
  • Market intelligence
  • Practice guides

Analysis tools

  • Lexology GTDT
  • Ask Lexy
Explore all PRO content
PRO subscription plans
  • About
  • Find experts
  • Firms
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Register now for your free, tailored, daily legal newsfeed service.

Questions? Please contact customerservices@lexology.com

Register

What Companies Can Learn From CNIL’s Privacy Consent Cases on Targeted Marketing
Blog Global Privacy and Security Compliance Law Blog

Latham & Watkins LLP

To view this article you need a PDF viewer such as Adobe Reader. Download Adobe Acrobat Reader

If you can't read this PDF, you can view its text here. Go back to the PDF .

European Union, France March 26 2019

The closure of four cases involving targeted advertising provides lessons for navigating compliance standards under the GDPR.

Four French advertising technology companies that received a warning in 2018 from the French Data Protection Authority (CNIL) have all implemented the regulator’s required changes. The recent closure of the cases highlights opportunities for businesses at all layers of the adtech value chain to address emerging compliance challenges.

The companies — Fidzup, Teemo, Singlespot, and Vectaury — collect geolocation data for targeted advertising purposes via third-party apps. Initially, the French regulator found that they had failed to obtain an informed, freely given, and specific consent from app users, since:

  • The information provided was insufficient, as it was unclear, used complex terms, and was difficult to access.
  • The consent was not based on an affirmative declaration, as the options were pre-ticked.
  • Users were not asked to consent to the processing of their geolocation data specifically.

Whilst the requirements imposed by the CNIL may have appeared at first sight unduly burdensome to the adtech industry, they are unsurprising since they strictly align with the CNIL’s interpretation of the obligations under the General Data Protection Regulation (EU) 2016/679 (GDPR).

These cases provide helpful guidance to other adtech companies that are developing privacy compliance strategies. In particular, such companies should:

  • Not rely on the sole contractual commitments made by the app providers to collect valid consent, but rather provide for concrete and precise obligations as to how the consent should be obtained from data users (e.g., by agreeing on a banner template to be displayed at the installation of the app)
  • Control if such banner template is actually displayed in practice, if necessary by carrying out an audit
  • Provide users with complete and clear information (including the name of the data controller) at the installation of the app, before the collection process actually begins
  • Enable users to choose the different purposes of processing at the first layer (and not only via the preferences page, in the app settings)

For a full client briefing, see Latham’s Client Alert.

This article is made available by Latham & Watkins for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. Your receipt of this communication alone creates no attorney client relationship between you and Latham & Watkins. Any content of this article should not be used as a substitute for competent legal advice from a licensed professional attorney in your jurisdiction.

Latham & Watkins LLP - Myria Saarinen and Elise Auvray
Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Filed under

  • European Union
  • France
  • IT & Data Protection
  • Media & Entertainment
  • Latham & Watkins LLP

Tagged with

  • GDPR
  • CNIL

Popular articles from this firm

  1. Council of EU Adopts ESG Disclosure and Benchmarks Legislation *
  2. Private Bank Briefing: Issues Impacting the Private Bank Sector - December 2019 *
  3. EU Issues New Sustainable Investment Disclosure Rules *
  4. Fund-to-Fund Transfers on the Rise as Deal Flow Slows *
  5. Review of the EU Benchmarks Regulation *

If you would like to learn how Lexology can drive your content marketing strategy forward, please email enquiries@lexology.com.

Powered by Lexology

More from Global Privacy and Security Compliance Law Blog

  1. RuNet Law Comes Into Force: What Is Next
  2. Updates: UK ICO Statements on Adtech and Real Time Bidding
  3. Adtech and Real Time Bidding in the Regulatory Crosshairs
  4. China Issues New Cybersecurity Law to Protect Children
  5. How Are European Supervisory Authorities Exercising Cooperation and Consistency In Practice?

Featured Video

Gernot Fritz
4:17 min

Gernot Fritz

Freshfields Bruckhaus Deringer

The recipe for a compliant cookie policy
Watch now

Related topic hubs

  1. GDPR
  2. France
  3. European Union
  4. Media & Entertainment
  5. IT & Data Protection

Related European Union articles

  1. GDPR Notice and Consent Compliance Implications on the AdTech Industry and Beyond *
  2. CNIL casts doubt on IAB-style consent Management Platforms *
  3. The Goldilocks Problem: AdTech and other complex processing *

Related international articles

  1. CNIL vs. Google: 10 lessons from the largest data protection fine ever issued * - France
  2. CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Processing Geolocation Data for Ad Targeting * - USA
  3. The French Data Protection Authority Gets Ahead of the Game With New Rules on Cookie Consent Before the ePrivacy Regulation Reaches its Final Draft * - France
How Yee Loh
In-house Counsel
Kuok Group
What our clients say

"Lexology is a good barometer of a firm's expertise as the articles showcase a firm's understanding of the issues involved and how up to date their knowledge is. It's a good one stop solution where one is able to view the same law/cases from different perspectives; on the whole I would rate Lexology as a good service."

Back to Top
  • Terms of use
  • Cookies
  • Disclaimer
  • Privacy policy
  • GDPR compliance
  • RSS feeds
  • Contact
  • Submissions
  • About
  • Login
  • Register
  • Follow on Twitter
  • Search
Law Business Research

© Copyright 2006 - 2019 Law Business Research