Numerous parties to which Noyb made a request for access to tracking cookies did not comply. This violates several articles in European privacy law. For this reason, the Austrian privacy foundation filed a series of complaints with the Italian regulator.
That leaves Noyb announced in a press release (1).
Cookies are information files placed on a computer when someone visits a Web site. There are all kinds and flavors: think functional cookies, analytical cookies, third-party cookies and tracking cookies.
The latter variant is the most notorious, because it invades your privacy in the most intrusive way. This is because tracking cookies keep track of exactly which websites you visit and what searches you perform. This is interesting information for ad network operators and advertisers because it allows them to serve targeted ads.
In short, tracking cookies are used to identify visitors, create user profiles and provide personalized advertisements. This means that cookie data can, in theory at least, be exploited to retrieve personal data. To test this, Noyb has made multiple inspection requests based on cookie data.
What transpired? Many Web site owners and data merchants did not comply with the privacy foundation's access request. Instead, they asked for other forms of identification (placed cookies linked to users were insufficient). Or worse, they ignored the access request.
Not to be outdone, Noyb decided to file several clients against the parties involved. "The idea behind these complaints is simple: if a company can use a cookie to track, profile and send me targeted advertising, why shouldn't I be able to use that same cookie to exercise my AVG right?" wonders Stefano Rossesetti, data protection lawyer at Noyb.
In the suit, the Austrian Privacy Foundation argues that the failure to authenticate users through cookies violates Articles 11, 12, 15, 24 and 25 of the AVG. These articles deal with, among other things, the right to access, transparency of communication, protection of personal data and the corresponding responsibilities.
Rossetti is confident that the complaint to the Garante per la Protezione dei Dati Personali (GPDP), the Italian regulator, will bear fruit. "These complaints open a new series of lawsuits about digital identity and the possibility of using a tracking tool, in this case cookies, to exercise AVG rights," the lawyer said.
Noyb asks the regulator to investigate and, if parties violate European privacy laws, impose an "effective, proportionate and dissuasive" fine.
https://noyb.eu/nl/datamakelaars-identificatie-mogelijk-om-advertenties-te-verkopen-niet-om-grondrechten-uit-te
