The social network Pinterest finds itself in the crosshairs of the Noyb association, specialized in the defense of digital rights, for a potential violation of the General Data Protection Regulation (GDPR). A complaint has been filed with the National Commission for Information Technology and Civil Liberties (CNIL), accusing Pinterest of collecting personal data without the explicit consent of users.
According to Noyb, the ad personalization option, which requires data collection, would be enabled by default on users' accounts, without their consent. This practice would contravene the requirements of the GDPR, which requires explicit consent for data collection for advertising purposes.
A lack of transparency from Pinterest
The complaint also highlights a lack of transparency in Pinterest's data management. The association accuses the platform of not having responded satisfactorily to a request for access to personal information, preventing users from knowing what data has been shared with third parties.
Serious consequences for Pinterest?
If proven, Pinterest could face stiff penalties, as GDPR provides for fines of up to 4% of annual global revenue for companies found in violation. With approximately 130 million users in the European Union, this case could force Pinterest to review its practices regarding personalized advertising and data management.
The CNIL, known for its intransigence in terms of personal data protection, could be led to take an exemplary decision, encouraging other platforms to better comply with current European legislation. However, since Pinterest's European headquarters are located in Dublin, the investigation could be transferred to the Irish data protection authority.
For its part, Pinterest reacted: “Pinterest’s approach to personalized advertising is GDPR compliant” Pinterest spokesperson insisted.
