Data dealers accused of GDPR failings

Data law regulators in Europe have been called upon to look into a potential data breach case, with brokers, credit ratings agencies and adtech firms falling under suspicion of not playing by new rules.

Complaints were filed to regulators last week by a campaign group named Privacy International, regarding possible transgressions committed by the data broker Acxiom, credit rating agencies, Experian and Equifax, and software multinational, Oracle, the Financial Times online reports.

According to Privacy International, the companies which deal in high volumes of consumer information online, should not be able to have access to such quantities of data.

Legal officer at Privacy International, Ailidh Callander, said:

“Part of their business models are about fundamentally exploiting data and therefore clash with many of the provisions [of the GDPR].”

“We put most of our attention on the bigger companies with which people have a direct relationship, like Facebook and Google, but then there are these other companies that most people have never heard of, and wouldn’t expect to have a huge amount of data about us.”

Ms Callender asserted that data collection behaviours of the firms involved fell short of GDPR’s core principles of transparency and accountability.

The firms accused maintain that they use data anonymisation technology and that users are always asked for consent regarding the usage of personal data. However, Privacy International says that collecting anonymised or pseudonymised data has allowed the companies to work out more personal elements of data subjects’ lives, such as political affiliation, religion and racial heritage.

Data privacy hasn’t been far from the headlines throughout 2018, with the Facebook / Cambridge Analytica scandal setting the tone for what has been a record-breaking year in Europe for complaints made to regulatory bodies.

Last month Facebook was hit by a £500,000 fine by the Information Commissioner’s Office, the data privacy regulator in the UK, the sum being the maximum possible penalty under the Data Protection Act 1998.

The Information Commissioner, Elizabeth Denham, said “A company of [Facebook’s] size and expertise should have known better and should have done better”, in a chilling reminder to organisations of all sizes of what’s expected in terms of data security adherence in the current climate.

October also saw Google+ publically named and shamed following disclosure of a data leak which, the search engine giant said, potentially impacted upon 500,000 user accounts.

Complaints made by Privacy International illustrate increasing fears of the existence of a data wild west inhabited by information brokers, adtech companies and credit ratings firms, wherein business models are build upon data trading online.

A similar issue was brought up by Brave, a private web browser, which filed a complaint with watchdogs in the UK and Ireland against adtech industry players and Google.

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.