The IAB has accused privacy campaigners of deliberately damaging the digital advertising industry after legal filings claim the body and Google are intentionally violating GDPR.
The filings made last month by the Panoptykon Foundation and Brave to the UK Information Commissioner’s Office have accused ad auction companies, including Google, of unlawfully profiling internet users’ religious beliefs, ethnicities, diseases, disabilities and sexual orientation.
However the IAB has now described the claims as "intentionally damaging to the digital advertising industry and to European digital media that depend on advertising as a system".
The body’s statement adds: "The GDPR does not prohibit processing of personal data, but it sets out the conditions under which processing of personal data is lawful. None of the conditions is the absolute technical impossibility for data to be processed unlawfully.
"There are many instances in daily life where the law provides for requirements, breaches of which are punished by sanctions after the fact, rather than requiring that breaches are technically impossible even to arise."
Through the real-time bidding process, personal information is used to serve ads to internet users based on personal information that is held about them.
The campaigners say that these auction systems fall short of GDPR standards because online users do not have control over the data that is held about them when they are passed through ad servers, nor are they being informed in order to gain consent.
In a statement, Brave explained: "The categories can be benign, such as 'Tesla motors', 'bowling', or 'gadgets'. But, as the new evidence filed today shows, they can also be extraordinarily sensitive.
"For example, one category is 'IAB7-28 Incest/Abuse Support'. This could enable ad auction companies to target and profile a person as an incest or abuse victim.... Other IAB categories relate to sensitive and embarrassing health conditions, religious denomination, sexual orientation, etc."
The IAB’s openRTB system, as well as Google’s Authorised Buyers protocol, were flagged to the ICO by Open Rights Group last September.
Today a Google spokesman said: "Publishers that decide to fund their operations using real-time bidding via Google’s systems must also abide by our policies – including by obtaining consent from end users in Europe for personalised ads, not targeting overly narrow or specific audiences, and not collecting users’ sensitive information, including health conditions, pregnancy status, etc."