It's not just US Big Tech that's under fire for online privacy violations in connection with advertising and marketing. French digital advertising company Criteo has recently been fined €100,000 by the French data protection regulator for violating the EU's data privacy rules.
The regulator found that Criteo's tracking cookie gathered data on internet users without their consent. The EU's privacy rules require companies to obtain explicit consent from users before collecting and using their personal data. Although website operators are primarily responsible for obtaining that consent, Criteo failed to take any steps to ensure that its partners were complying with the regulations. The regulator's investigation found that Criteo's tracking code had been placed on partner websites without obtaining user consent.
Why It Matters
This is a significant blow to Criteo, which specializes in personalized online advertising. The company's business model relies heavily on tracking user data to serve targeted ads. Criteo has stated that it will appeal the decision and is currently reviewing its practices to ensure privacy compliance.
The decision points out the necessity of understanding your business partner's practices as well as your own: if two companies jointly use data, especially for marketing and advertising purposes, the responsibility may fall on both of them to use it correctly and to have the proper consents or other guardrails in place.