Civil liberties campaigners on Tuesday filed complaints with national regulators across Europe alleging data protection violations by online advertising real-time bidding systems, and Google’s Authorised Buyers programme in particular.
The complaints leverage stricter GDPR data protection rules introduced last year, according to Berlin-based campaign group Liberties, which is coordinating the actions.
The group argues that behavioural advertising systems “broadcast the personal data of users to hundreds if not thousands of companies”.
Free content and services online are effectively paid for with users’ personal information, which includes “our browsing history, our location, our sexual orientation, our religion and our online identity”, said Liberties legal expert Eva Simon in a blog post.
The actions, filed in the UK, France, Germany and nine other countries, are intended as a wake-up call to national regulators, Simon said.
The aim is to get regulators to coordinate with one another and with the European Data Protection Board, she said, arguing that a joint action on behalf of EU data protection offices would be “the most effective way” to force changes in the online ad industry.
“The GDPR is in effect, but has yet to be truly enforced,” Simon stated. “We would like to change this with our campaign.”
She said that real-time bidding goes against GDPR rules by failing to obtain users’ informed consent and by introducing a “very high” risk of data leaks.
“Our data is broadcast to thousands of companies across the world,” Simon wrote.
The other countries in which actions were filed are Belgium, Bulgaria, the Czech Republic, Hungary, Estonia, Ireland, the Netherlands, Poland and Slovenia.
Liberties advocacy officer Orsolya Reich said the group is not taking issue with organisations who make use of real-time bidding, but with those who set industry standards.
“We want them to comply with the laws, which at present, as far as we can tell, they aren’t doing,” she said in a statement.
The worldwide online ad industry, in which Google and Facebook are dominant players, is set to grow to $273 billion (£215bn) this year, according to eMarketer.
In the most serious cases, the GDPR allows for companies to be fined up to 20 million euros (£18m) or 4 percent of their global turnover, whichever is larger.
In January privacy-oriented browser company Brave targeted Google and the Internet Advertising Bureau (IAB) with a GDPR complaint similarly alleging that privacy flaws are inherent in current ad standards, while last month the Irish data protection regulator launched a probe into GDPR’s compliance.
Google’s shares closed down 6 percent on Monday following reports of a possible antitrust probe by US regulators.
Seemingly accidental leak reveals Google is developing Jarvis AI extension that can browse the web…
Amazon is reportedly in talks to pump billions of dollars more into AI start-up Anthropic,…
Star witness for the US prosecution of FTX founder Sam Bankman-Fried, has begun her two…
After axing 31 percent of its workforce when it failed to be acquired by Amazon,…
Mozilla Foundation axes 30 percent of its staff, and is eliminating its Advocacy Division that…
Improving security. Mandatory multi-factor authentication (MFA) is coming to the Google Cloud by the end…