• PRO
  • Events
  • About Blog Popular
  • Login
  • Register
  • PRO
  • Resources
    • Latest updates
    • Q&A
    • In-depth
    • In-house view
    • Practical resources
    • FromCounsel New
    • Commentary
  • Resources
  • Research
    • Legal research hub
    • Primary sources
    • Scanner: regulatory tracking
    • Lexy: powerful AI search
    • Research reports
    • Explore all
  • Research
  • Learn
    • All
    • Webinars
    • Videos
  • Learn
  • Experts
    • Find experts
    • Influencers
    • Client Choice New
    • Firms
    • About
    Introducing Instruct Counsel
    The next generation search tool for finding the right lawyer for you.
  • Experts
  • My newsfeed
  • Events
  • About
  • Blog
  • Popular
  • Legal research hub
  • Primary sources
  • Scanner: regulatory tracking
  • Lexy: powerful AI search
  • Research reports
  • Explore all
  • Find experts
  • Influencers
  • Client Choice New
  • Firms
  • About
Introducing Instruct Counsel
The next generation search tool for finding the right lawyer for you.
  • Compare
  • Topics
  • Interviews
  • Guides

Analytics

Review your content's performance and reach.

  • Analytics dashboard
  • Top articles
  • Top authors
  • Who's reading?

Content Development

Become your target audience’s go-to resource for today’s hottest topics.

  • Trending Topics
  • Discover Content
  • Horizons
  • Ideation

Client Intelligence

Understand your clients’ strategies and the most pressing issues they are facing.

  • Track Sectors
  • Track Clients
  • Mandates
  • Discover Companies
  • Reports Centre

Competitor Intelligence

Keep a step ahead of your key competitors and benchmark against them.

  • Benchmarking
  • Competitor Mandates
Home

Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Register now for your free, tailored, daily legal newsfeed service.

Questions? Please contact [email protected]

Register

What Companies Can Learn From CNIL’s Privacy Consent Cases on Targeted Marketing
Blog Global Privacy and Security Compliance Law Blog

Latham & Watkins LLP

To view this article you need a PDF viewer such as Adobe Reader. Download Adobe Acrobat Reader

If you can't read this PDF, you can view its text here. Go back to the PDF .

European Union, France March 26 2019

The closure of four cases involving targeted advertising provides lessons for navigating compliance standards under the GDPR.

Four French advertising technology companies that received a warning in 2018 from the French Data Protection Authority (CNIL) have all implemented the regulator’s required changes. The recent closure of the cases highlights opportunities for businesses at all layers of the adtech value chain to address emerging compliance challenges.

The companies — Fidzup, Teemo, Singlespot, and Vectaury — collect geolocation data for targeted advertising purposes via third-party apps. Initially, the French regulator found that they had failed to obtain an informed, freely given, and specific consent from app users, since:

  • The information provided was insufficient, as it was unclear, used complex terms, and was difficult to access.
  • The consent was not based on an affirmative declaration, as the options were pre-ticked.
  • Users were not asked to consent to the processing of their geolocation data specifically.

Whilst the requirements imposed by the CNIL may have appeared at first sight unduly burdensome to the adtech industry, they are unsurprising since they strictly align with the CNIL’s interpretation of the obligations under the General Data Protection Regulation (EU) 2016/679 (GDPR).

These cases provide helpful guidance to other adtech companies that are developing privacy compliance strategies. In particular, such companies should:

  • Not rely on the sole contractual commitments made by the app providers to collect valid consent, but rather provide for concrete and precise obligations as to how the consent should be obtained from data users (e.g., by agreeing on a banner template to be displayed at the installation of the app)
  • Control if such banner template is actually displayed in practice, if necessary by carrying out an audit
  • Provide users with complete and clear information (including the name of the data controller) at the installation of the app, before the collection process actually begins
  • Enable users to choose the different purposes of processing at the first layer (and not only via the preferences page, in the app settings)

For a full client briefing, see Latham’s Client Alert.

This article is made available by Latham & Watkins for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. Your receipt of this communication alone creates no attorney client relationship between you and Latham & Watkins. Any content of this article should not be used as a substitute for competent legal advice from a licensed professional attorney in your jurisdiction.

Latham & Watkins LLP - Myria Saarinen and Elise Auvray

Back Forward
  • Save & file
  • View original
  • Forward
  • Share
    • Facebook
    • Twitter
    • Linked In
  • Follow
    Please login to follow content.
  • Like
  • Instruct

add to folder:

  • My saved (default)
  • Read later
Folders shared with you

Filed under

  • European Union
  • France
  • IT & Data Protection
  • Media & Entertainment
  • Latham & Watkins LLP

Laws

  • GDPR

Organisations

  • National Commission on Information and Liberties (France)

Popular articles from this firm

  1. Neue Leitlinien zur Bußgeldberechnung für DSGVO-Verstöße: Welche Risiken drohen (vor allem größeren) Unternehmen in der Praxis? *
  2. Schemes and Restructuring Plans: Where Are We Now? *
  3. EuGH gibt Rückenwind für Datenschutz-Sammelklagen *
  4. UK and European Restructuring Tools: Choosing the Optimal Forum for Creditor and Shareholder Cramdown *
  5. Sanctions and Export Controls Update: US, UK, and EU Developments Relating to Russia *

If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].

Powered by Lexology
Primary sources PRO
  • Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR)

    • View in Primary sources

More from Global Privacy and Security Compliance Law Blog

  1. New Cyber Incident Reporting Requirements on the Horizon in the US
  2. Utah Consumer Privacy Act: Fourth US State Enacts Comprehensive Data Privacy Legislation
  3. UAE Publishes First Federal Data Protection Law
  4. CNIL Publishes White Paper on Digital Payments and Data Privacy
  5. EDPB Issues New Guidance on Storing Credit Card Data for Future Purchases

Related practical resources PRO

  • Checklist Checklist: Data subject access rights under the GDPR (UK)
  • Checklist Checklist: Lawful processing of personal data under the GDPR (UK)
  • Checklist Checklist: What to include in your organisation’s privacy notice (UK)

Related research hubs

  • GDPR
  • France
  • European Union
  • Media & Entertainment
  • IT & Data Protection
Back to Top
Resources
  • Daily newsfeed
  • Commentary
  • Q&A
  • Research hubs
  • Learn
  • In-depth
  • Lexy: AI search
Experts
  • Find experts
  • Legal Influencers
  • Firms
  • About Instruct Counsel
More
  • About us
  • Blog
  • Events
  • Popular
Legal
  • Terms of use
  • Cookies
  • Disclaimer
  • Privacy policy
Contact
  • Contact
  • RSS feeds
  • Submissions
 
  • Login
  • Register
  • Follow on Twitter
  • Follow on LinkedIn

© Copyright 2006 - 2022 Law Business Research

Law Business Research