Not only the data protection authorities in Hamburg and the United Kingdom (UK ICO), but also the Berlin data protection authority regularly conducts website audits. In the current annual report of the Berlin authority, a online advertising tracking business is cited as an example.
Although the report is already a few months old, it highlights persistent and recurring weaknesses in GDPR-compliant tracking and consent practices. The analysis reveals violations of the GDPR as well as shortcomings in obtaining valid consent for tracking activities. Most consent banners are based on the Transparency & Consent Framework (TCF), an industry standard for collecting and managing tracking consents in online advertising.
Even companies that do not have direct contact with data subjects must ensure, as data controllers, that valid consent for data processing is obtained. The report also shows that personal data is often processed in ways that do not reflect the wording of the consents, and that decisions made by data subjects are ignored. Choices made in the cookie banner are frequently not considered when passing data on to third parties. Many data protection authorities see this as a fundamental weakness.
Vendor Compliance
We expect further audits by the supervisory authorities. Our Vendor Compliance Platform creates transparency and checks whether technical tracking vendors listed in the CMP (Consent Management Platform) use the data as agreed. Learn more here.