Civil liberties group demands action on 'largest data breach ever recorded'
Liam Herrick, Executive Director of the Irish Counci of Civil Liberties.
The Data Protection Commission has been accused of an âunacceptableâ lack of action concerning the behaviour of the online advertising industry, alleged to be âthe largest data breach ever recordedâ.
A new submission by the Irish Council for Civil Liberties (ICCL) to the DPC claims that the system of real time bidding, the dynamic process of auctioning advertising space as people browsed online, sees âIrish peopleâs health condition, political views, and whereabouts⊠analysed and sold in a dark data marketâ.
The ICCL further claims that insufficient action has been taken on a complaint regarding real time bidding submitted to the DPC by its fellow, Dr Johnny Ryan, two years ago when he was working in the private sector.
The DPC officially opened an investigation into Google Irelandâs processing of personal data via its online Ad Exchange in May 2019 off the back of Dr Ryanâs complaint, first lodged in September 2018.
It said at the time that the purpose of the investigation is to establish whether or not the data processed by Google as part of its online advertising auctions is compliant with the EUâs General Data Protection Regulation (GDPR).
âExtensive recent updates and correspondence on this matter, including a meeting, have been provided by the DPC,â Graham Doyle, deputy commissioner with the Commission, said.
âThe investigation has progressed and a full update on the next steps provided to the concerned party.âÂ
The ICCL has alleged that real time bidding, which sees people marketed to via their recorded online actions, breaches Article Five of the GDPR, which requires that personal data be kept secure.
âIt is the biggest data breach ever recorded, leaking our secrets hundreds of billions of times per day,â the Council said in a statement.
While Google, which is merely one of the largest purveyors of such marketable data, has become increasingly sensitive to accusations of data misuse in the past two years, the process of real time bidding remains incredibly lucrative to the tech giant.Â
In the third quarter of 2018, 87% of Googleâs total revenue came from advertising equating to about âŹ20.4 billion.
In his and the ICCLâs submission, however, Dr Ryan alleges that real time bidding has seen usersâ personal data sold to companies involved in multiple other activities other than the mere sale of products.
It also claims that the system has seen the targeting of 1,200 Irish people profiled as belonging to a âsubstance abuseâ category.
Other examples of such categories include those profiled under headings such as âAIDS & HIVâ, âSTDâ, âChronic Painâ, and âSleep Disordersâ.
Liam Herrick, the ICCLâs executive director, dubbed the perceived delay in action by the DPC as being âunacceptableâ.
âContinued failure will further harm citizens and damage Irelandâs reputation,â Mr Herrick said.
The DPC, as the âone stop shopâ for regulating the many multinational tech companies headquartered in Ireland, has primary responsibility for monitoring and investigating the likes of Google and Facebook within Europe.
âTwo years after I formally notified the DPC about the real time bidding privacy crisis, my intimate data continues to be broadcast to countless companies through the RTB system. So does yours,â Dr Ryan said.
His legal representative, international digital rights lawyer Ravi Naik, said âthe DPCâs inaction has led to a blockage of enforcement against these practices across Europeâ.
âThis is an intolerable situation for such wide-scale abuses and the DPC needs to act for this illegal conduct to end,â he added.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
