Stop companies from exploiting our data!

Holiday Special, 17 December 2018 Issue

In November, Privacy International filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Through its submissions Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.

The data broker and ad-tech industries are premised on exploiting people’s data. Privacy International’s complaints set out how the practices of these companies, in particular profiling, fall short of compliance with the GDPR. The companies fail to comply with the data protection principles, namely transparency, fairness, lawfulness, purpose limitation, data minimisation, and accuracy. They do not have a legal basis for the way they use people’s data.

The granular insight that such companies build up is illustrated in a piece by Privacy International’s Frederike Kaltheuner, “I asked an online tracking company for all on my data and here’s what I found”.

Some of the key findings include: abuse of legitimate interest as a legal basis; the importance of profiling and data protection principles; the significance of data rights as investigative tools; and the need for collective redress.

Privacy International targeted companies that, despite exploiting the data of millions of people, are not household names and therefore rarely have their practices challenged. In tandem with the complaints, Privacy International launched a campaign to seek to empower people and make it easier to demand that these companies delete our data.

The world is being rebuilt by companies and governments so that they can exploit our data. Without urgent and continuous action, these data will be used in ways that we cannot now imagine, to define and manipulate our lives without us having the capacity to understand why or fight back effectively. Regulators must use their powers under the GDPR to investigate these companies and protect us from the mass exploitation of our data. Privacy International encourages everyone, from journalists, academics, and consumer organisations, to civil society more broadly, to take action to hold these industries to account.

See the full campaign here.

Guess which companies have heard of you?

Provided by: Privacy International