Italy: Garante warns TikTok Italy and TikTok Technology in relation to planned advertising activities based on legitimate interest
The Italian data protection authority ('Garante') issued, on 7 July 2022, its Decision No. 248, in which it imposed an urgent warning against TikTok Italy S.r.l. and TikTok Technology Limited, for envisaged violations of Article 5(3) of the Directive on Privacy and Electronic Communications (2002/58/EC) (as amended) ('the ePrivacy Directive') and Article 122 of the Personal Data Protection Code, Containing Provisions to Adapt the National Legislation to the General Data Protection Regulation (Regulation (EU) 679/2016) ('GDPR') ('the Code'), following a press release on the issuance of the warning in question.
Background to the decision
Thereafter, the Garante stated that it had requested TikTok Italy to provide further information, including on the reasons underlying the choice to rely on legitimate interest as a legal basis. Further to this, the Garante noted that TikTok Italy had clarified, among other things, that the processing activities in relation to targeting users with personalised ads would involve both data obtained from activities on TikTok (i.e. information collected directly from the users' actions on the platform) and data derived from activities outside TikTok (i.e. information received from external partners operating in the advertising, measurement, and data sectors, obtained from the users' activity carried out outside the platform).
Findings of the Garante
Separately, the Garante pointed out that, based on the abovementioned elements, TikTok's processing activities also present several critical profiles under the GDPR, which are being investigated by the Garante. On this point, the Garante further confirmed that it had informed the European Data Protection Board ('EDPB') and the Data Protection Commission ('DPC') of its decision, and advised that the same should consider taking urgent action within the framework of the cooperation procedures under the GDPR.
In conclusion, the Garante issued a warning against TikTok Italy and TikTok Technology and highlighted that, should the same proceed with the processing activities described above from 13 July 2022, the Garante reserves the right to take further action, including imposing sanctions. Lastly, the Garante noted that TikTok Italy and TikTok Technology may lodge an appeal against the decision before the ordinary judicial authority.
You can read the decision, only available in Italian, here.
UPDATE (14 July 2022)
Italy: Garante confirms TikTok suspending planned switch to legitimate interest as legal basis for ads
The Garante announced, on 13 July 2022, that, following its warning, TikTok had suspended the switch to legitimate interest as the legal basis for personalised advertising for people over the age of 18 based on the profiling of behaviour when browsing on the platform. Specifically, the Garante acknowledged TikTok's decision as responsible and declared itself open to a dialogue aimed at finding a balance between economic interests and users' rights.
You can read the press release, only available in Italian, here.
UPDATE (18 July 2022)
EDPB publishes English summary of Garante's decision to warn TikTok
The European Data Protection Board ('EDPB') published, on 15 July 2022, an English summary of the warning imposed by the Garante against TikTok in relation to personalised ads based on legitimate interest.
You can read the summary here.