On 20 May 2019, complaints were filed with Data Protection Authorities (DPAs) in Spain, the Netherlands, Belgium, and Luxembourg. The complaints relate to the practice called Real-Time Bidding (RTB). The complainants consider RTB a “vast scale personal data leakage by Google and other major companies” in the behavoiral advertising industry. The complaints add up to the complaints previously filed in Ireland, the UK and Poland.
According to the press release (https://fixad.tech/ad-tech-gdpr-complaint-is-extended-to-five-more-european-regulators/), when a user visits a website that uses these website that uses RTB systems personal data ( people’s exact locations, inferred religious, sexual, political characteristics, what they are reading, watching, and listening to online) about them and what they are viewing is “broadcast in a “bid request” to dozens or hundreds of companies”. The way the bid request works is by asking bids potential advertisers in exchange for showing a specific ad to a s specific visitor. The complainants point out that such bid requests occur hundreds of billions of times every day, and that this is the most massive leakage of personal data recorded so far”. For example, Google’s DoubleClick (recently renamed “Authorized Buyers”) is active on 8.4 million websites. It allegedly sends personal data about everyone visiting websites with this system to over 2,000 companies. Once the data is sent, there is no supervision of what happens with that personal data. While Google relies on self-regulatory guidelines, it is not clear how the implementation of these guidelines is supervised.