The Business and Human Rights Centre invited the IAB Europe to respond to the publication "Addicted to the algorithm: How Big Tech lobbies to keep us hooked on social media" by Corporate Europe Observatory. IAB responded.

Specific allegations made by CEO in the 5th February article

The 5 February article by CEO alleges that IAB Europe "opposes enabling consumers to opt out of personalised advertising” (see p. 13).  Opting out of the processing of personal data for any advertising, including personalised advertising, is a right granted to EU data subjects under the GDPR (formulated as a “right to object” where the legitimate interests legal basis has been used or a withholding or withdrawal of consent where the consent legal basis is used).  Not only would it be suprising for IAB Europe to take a stand against a right already granted in EU law, but IAB Europe members have even gone to the length of developing a minimum, best-practice privacy & data protection legal compliance standard, the Transparency & Consent Framework (TCF), that (1) ensures that data processing for personalised advertising can only be done on an opt-in basis on sites and apps that implement the Framework, using the consent legal ground, and (2) facilitates the withdrawal or withholding of consent for personalised advertising where this is what data subjects wish to do. My team would be happy to walk you through this standard and how it is implemented on sites and apps across Europe and around the world. 

IAB Europe’s position on addictive design more broadly 

IAB Europe’s own scope of activity is advertising, not online content.  Concerns around hyper-personalisation of content, most of which is user-generated rather than being created by platforms, do not directly fall within this scope.  This said, in relation to a forthcoming proposal for a Digital Fairness Act, our position, which focuses on dark patterns and unfair personalisation, is as below:

The EU has a comprehensive and robust legal framework governing digital advertising — including the GDPR, ePrivacy Directive, UCPD, DSA, DMA and AI Act — which already addresses issues such as manipulative interface design, transparency, targeting practices and consumer protection.

In this same sense, “dark patterns” are already prohibited under existing EU law. Our position here is to focus on better enforcement, greater regulatory coherence and clearer guidance, rather than introducing new overlapping rules.

Similarly, personalised advertising , including for vulnerable consumers, is subject to strict safeguards under EU data protection and consumer protection law. The DSA provides additional protections, including restrictions concerning minors and the use of sensitive data. Moreover, the TCF does not support the processing of sensitive personal data for personalised advertising.

We are also concerned about proposals requiring vulnerability assessments, which raise significant technical and legal challenges. Identifying vulnerability would often necessitate the processing of additional — and potentially sensitive — personal data, potentially requiring explicit consent and creating tension with core GDPR principles such as data minimisation. For these reasons, we do not support such measures..

In our view, given the already comprehensive EU legal framework governing digital advertising, improved oversight and targeted enforcement of the existing legislation will better serve consumers and businesses alike than layering on new overlapping rules.

You may consult our full position submitted in response to the DFA public consultation at any time.