Targeted Advertising

Watchdog to Investigate Mobile Payment Provider Over Its Use of Purchase History for Targeted Advertising

By Kristof Van Quathem & Anna Sophia Oberschelp de Meneses on March 19, 2025

Posted in Advertising & Marketing, European Union, GDPR

On March 18, 2025, the Norwegian Consumer Council asked the Norwegian Supervisory Authority to investigate a payment app provider for using consumers’ purchase history for targeted advertising. Continue Reading Watchdog to Investigate Mobile Payment Provider Over Its Use of Purchase History for Targeted Advertising

EDPB Publishes Draft Guidelines on the Targeting of Social Media Users

By Dan Cooper & Shona O'Donovan on September 29, 2020

Posted in Advertising & Marketing, Data Privacy, EU Data Protection, European Union, Online, Online Targeting

On 7 September 2020, the European Data Protection Board (“EDPB”) adopted draft guidelines on the targeting of social media users (the “Guidelines”). The Guidelines aim to clarify the roles and responsibilities of social media providers and “targeters” with regard to the processing of personal data for the purposes of targeting social media users.
Continue Reading EDPB Publishes Draft Guidelines on the Targeting of Social Media Users

EDPB Begins Consultation on New Guidelines on Use of the “Performance of a Contract” GDPR Legal Basis by Online Services

By Inside Privacy on April 17, 2019

Posted in Advertising & Marketing, Data Privacy, EU Data Protection, European Union

On 9 April 2019, the European Data Protection Board (“EDPB”) adopted new guidelines “on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects.”

In general, the GDPR requires that processing of personal data be justified under a legal…
Continue Reading EDPB Begins Consultation on New Guidelines on Use of the “Performance of a Contract” GDPR Legal Basis by Online Services

China Releases Draft Amendments to the Personal Information Protection Standard

By Yan Luo on February 11, 2019

Posted in China, Cross-Border Transfers

On February 1, 2019, China’s National Information Security Standardization Technical Committee (“TC260”) released a set of amendments to GB/T 35273-2017 Information Technology – Personal Information Security Specification (“the Standard”) for public comment. The comment period ends on March 3.

Although not legally binding, the Standard has been highly influential since becoming effective in May 2018, as it set out the best practices expected by Chinese regulators (see our previous blogpost on the Standard here). The Standard has been widely used by companies to benchmark their compliance efforts in China.

The draft amendments reflect Chinese regulators’ evolved thinking on a number of important topics that are hotly debated around the world, such as enhanced notice and consent requirements and requirements for target advertising. The draft amendments would also introduce new requirements for third party access to data and revise notification requirements for data beaches, among other proposed changes.
Continue Reading China Releases Draft Amendments to the Personal Information Protection Standard

CNIL imposes GDPR-consent in online advertising space

By Kristof Van Quathem & Anna Sophia Oberschelp de Meneses on November 16, 2018

Posted in Advertising & Marketing, Data Privacy, EU Data Protection

On November 9, 2018, the French Supervisory Authority for Data Protection (known as the “CNIL”) announced that it issued a formal warning (available here) ordering the company Vectaury to change its consent experience for customers and purge all data collected on the basis of invalid consent previously obtained.

…
Continue Reading CNIL imposes GDPR-consent in online advertising space