EU orders all personal data collected through ad consent pop-ups be deleted

pcgamer.com:

In 2018 the European Union and European Economic Area began an initiative to protect the digital privacy of European citizens. Called the General Data Protection Regulation (GDPR), this framework made it so online advertisers had to ask permission from website users to serve them personalised (or as the industry would call them, relevant) adverts.

Any reader in the EU already knows what I'm talking about, but for those outside: Since this regulation came in, the vast majority of websites viewed from within the EU & EEA greet users with a pop-up asking for their consent to be tracked for advertising purposes. They're irritating, mainly because they obscure the content you're trying to see, but also because they can be designed in such a way as to deter users who want to say no (for example, making you untick dozens of boxes to do so).

This complaint was made by the Irish Council for Civil Liberties in 2019 against IAB Europe, a digital ad trade body that represents over 5,500 organisations, and is heavily involved in guiding the advertising industry through Europe's legal framework. It also runs the Transparency & Consent Framework (TCF), a system through which adverts are served. The TCF is the code that carries information on an individual’s decision on whether they're tracked and by who.

A new ruling by 28 EU data protection authorities has found that IAB Europe commits multiple violations of the GDPR in its processing of personal data through the TCF and the realtime bidding system OpenRTB (through which adverts are sold). Essentially, it is saying that these pop-up consent forms are in breach of the principles they were supposed to serve and are therefore illegal.

The judgement reads, in part: «The approach taken so