A campaign group has accused the Irish Data Protection Commission (DPC) of allowing the “largest ever recorded” data breach by online advertising
An Irish Council for Civil Liberties (ICCL) submission to the Irish Data Protection Commission (DPC) released on Monday accuses the DPC of failing to stop a “massive” online advertising data breach.
The submission comes two years after a complaint was made by Dr Johnny Ryan, now a senior fellow of the ICCL, against tech companies’ use of Real-Time Bidding (RTB), in which advertising impression data is instantaneously auctioned and purchased by advertisers.
In the submission, the complainant alleges that the RTB process, which includes systems operated by Google and the Internet Advertising Bureau (IAB), makes internet users “an open book to data broker companies, and others, who can build intimate dossiers about each of us.”
Ryan states that in the following two years, the DPC’s failure to resolve his original complaint have seen influence in the Polish Parliamentary election by the targeting of LGBTQ+ people, profiling of people in Ireland in categories such as “Substance abuse”, “ “Sleep Disorders”, “Aids & HIV” and “Incontinence”. He alleges that RTB data tracked movements of people in Italy to see if they complied with Covid-19 lockdown measures.
Dr Ryan said: “Today, two years after I formally notified the DPC about the RTB privacy crisis, my intimate data continues to be broadcast to countless companies through the RTB system, so does yours.”
In a statement, the DPC’s deputy commissioner Graham Doyle said: “Extensive recent updates and correspondence on this matter, including a meeting, have been provided by the DPC. The investigation has progressed and a full update on the next steps provided to the concerned party.”
Google said: “We enforce strict privacy protocols and standards to protect people’s personal information, including industry-leading safeguards on the use of data for real-time bidding. We do not allow advertisers to select ads based on sensitive personal data and we do not share people’s sensitive personal data, browsing histories or profiles with advertisers. We perform audits of ad buyers on Google’s ad exchange and if we find breaches of our policies we take action.”
The post Campaigners pressure Irish Data Protection Commission to act over use of data in ad-targeting appeared first on PrivSec Report.