![]() So that’s what Ryan, via the ICCL, is now pressing for: The lawsuit aims to force Ireland to investigate the security of RTB, an issue the regulator has so far seemed keen to avoid. Notably, the DPC did not say its inquiry would interrogate Google’s role in RTB through a security lens - despite the core of Ryan’s complaint being that a system that “functions” by broadcasting highly sensitive data about people (browsing habits, device IDs, location, etc.), across the internet to intermediaries, with no way for the tracked users to control who receives their information or what gets done with it, is the opposite of secure. ![]() However, Ireland did not open an inquiry based on the substance of Ryan’s complaint rather, it opened what’s known as an “own-volition inquiry” - saying it would seek to “establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the GDPR, including the lawful basis for processing, the principles of transparency and data minimisation, as well as Google’s retention practices,” as it put it at the time. On the 2018 Google adtech complaint, the DPC has - so far - announced some procedural steps.įollowing Ryan’s original September 2018 complaint, which named both Google and the online ad industry body the IAB Europe (two key players in the RTB system), Ireland opened a formal inquiry into Google’s adtech in May 2019. The regulator is the lead EU watchdog for Google. He has also lodged a complaint with the European Commission that led to an ombudsperson stepping in to look into the EU’s own high-level monitoring of the (decentralized) application of the GDPR, which relies upon agencies in each member state to do the graft of investigating and enforcing violations of the law. In September 2020, for example, he published a dossier of evidence highlighting how the online ad-targeting industry profiles internet users’ intimate characteristics without their knowledge or consent - calling out the DPC for ongoing inaction over the RTB security complaint. But, more recently, his complaints have increasingly targeted the DPC itself. Ryan will be familiar to anyone who’s been following adtech’s mounting legal woes in Europe as the driving force behind a series of complaints and lawsuits, since 2018, targeting the high-velocity trading of people’s data for real-time ad auctions (real-time bidding, or RTB).Ī former adtech insider turned whistleblower, Ryan has amped up pressure on the industry for reform through a series of strategic GDPR complaints. The ICCL’s suit thus accuses the DPC of a failure to act on what it couches as a “massive Google data breach.” (Security, of course, is a key principle of the EU’s flagship data protection regime.) The litigation has been prepared by the Irish Council for Civil Liberties (ICCL), whose senior fellow, Johnny Ryan, is named as the plaintiff.Īt issue is the DPC’s response to a long-running complaint about Google’s role in the high-velocity trading of web users’ personal data to determine which ads get served - and, more specifically, the lack of attention the data-trading systems of the tracking-based advertising industry pay to security. ![]() Today local press in Ireland reported that the Irish High Court has agreed to hear the suit. Ireland’s evasive response to a major security complaint filed against Google’s adtech the year the European Union’s General Data Protection Regulation (GDPR) came into application is the target of a new lawsuit that accuses the Data Protection Commission (DPC) of years of inaction over what the complainants assert is “the largest data breach ever.”
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |