Complaint lodged over ‘online barrier’ to advertising lobbyist’s website

Submission to data protection body relates to ‘cookie wall’ that blocks users from IAB Europe site unless they give permissions

A formal complaint has been lodged with the Data Protection Commissioner (DPC) against the main European lobbyist for the online advertising industry.

The complaint against the Interactive Advertising Bureau Europe (IAB Europe) was made by Dr Johnny Ryan, who works as chief policy and industry officer for privacy-oriented web browser Brave.

It relates to a so-called cookie wall, an online barrier that prevents users from accessing the IAB Europe website unless they give certain permissions. According to the complaint, this forces web users to accept tracking of their behaviour on the site by Google, Facebook and others.

Dr Ryan has argued this is a breach of the stringent General Data Protection Regulations (GDPR), the Europe-wide rules introduced last May that govern the use of personal data online.


“One should not be forced to accept web-wide profiling by unknown companies as a condition of access to a website. This would be like Facebook preventing you from accessing the Newsfeed until you have clicked a button permitting it to share your data with Cambridge Analytica,” he said.

According to the complaint, “IAB Europe does not provide infromation about what data are collected for what purpose, and what legal basis is relied on for that purpose”.

The Brussels-based IAB Europe counts among its members some of the largest media companies in the world, including 21st Century Fox, BBC Worldwide and CNN, alongside a host of advertising technology companies and online heavyweights such as Google, Microsoft and eBay.

As well as challenging the use of the ‘cookie wall’, the complaint to the DPC has asked the regulator to examine the guidance given by IAB Europe to the advertising industry on the GDPR. According to the complaint, IAB Europe has told major media organisations, tracking companies and advertising technology outfits that they can “sidestep” the GDPR and rely instead on the less-onerous ePrivacy Directive.

Solicitor Simon McGarr, who is acting on behalf of Dr Ryan, said companies must rely on more than a “box ticking exercise” when they process data. “For consent to be valid, it must be freely given, informed, specific and unambiguous. There’s nothing intrinsically good or bad in cookie technology - what matters is ensuring it’s applied in a way which respects individual’s rights,” he said.

A spokeswoman for IAB Europe rejected Mr Ryan’s complaints describing them as part of an “ongoing PR campaign against the digital advertising industry”.

She said: “Neither the GDPR or ePrivacy Directive prohibit a website operator from making access to their website conditional on consent for cookies and/or any data processing associated with it.

“Considering all relevant provisions of the law, IAB Europe is confident that the way it obtains consent for the use of cookies on its website complies with the requirements of the law.”

She added: “IAB Europe is a not-for-profit organisation that works closely with government, regulators and all parts of the digital advertising industry, to ensure regulation is fit-for-purpose and then implemented correctly. Whilst we will address these latest complaints in the appropriate manner, they will not distract us from this primary goal.”

The complaint comes after it emerged that tracking technology is widespread across almost all Irish Government department and local authority websites.

Research first published this week by The Irish Times showed every website, apart from one, had some level of tracking software installed.

Jack Horgan-Jones

Jack Horgan-Jones

Jack Horgan-Jones is a political reporter with The Irish Times