Category: GDPR

May 22, 2019 Off

Google’s lead EU regulator opens formal privacy probe of its adtech

By Jill T Frey

Google’s lead data regulator in Europe has opened a formal investigation into its processing of personal data in the context of its online Ad Exchange, TechCrunch has learnt.

This follows a privacy complaint pertaining to adtech’s real-timing bidding (RTB) system filed under Europe’s GDPR framework last year.

The statutory inquiry into Google’s adtech that’s being opened by the Irish Data Protection Commission (DPC), cites section 110 of Ireland’s Data Protection Act 2018, which means that the watchdog suspects infringement — and will now investigate its suspicions.

The DPC writes that the inquiry is “to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation, including the lawful basis for processing, the principles of transparency and data minimisation, as well as Google’s retention practices”.

We’ve reached out to Google for comment. Update: A … Read the rest

May 20, 2019 Off

GDPR adtech complaints keep stacking up in Europe

By Jill T Frey

It’s a year since Europe’s General Data Protection Regulation (GDPR) came into force and leaky adtech is now facing privacy complaints in four more European Union markets. This ups the tally to seven markets where data protection authorities have been urged to investigate a core function of behavioral advertising.

The latest clutch of GDPR complaints aimed at the real-time bidding (RTB) system have been filed in Belgium, Luxembourg, the Netherlands and Spain.

All the complaints argue that RTB entails “wide-scale and systemic” breaches of Europe’s data protection regime, as personal date harvested to profile Internet users for ad-targeting purposes is broadcast widely to bidders in the adtech chain. The complaints have implications for key adtech players, Google and the Internet Advertising Bureau, which set RTB standards used by other in the online adverting pipeline.

We’ve reached out to Google and IAB Europe for comment on the latest complaints. … Read the rest

May 14, 2019 Off

After year-long lockout, Twitter is finally giving people their accounts back

By Jill T Frey

Twitter is finally allowing a number of locked users to regain control of their accounts once again. Around a  year after Europe’s new privacy laws (GDPR) rolled out, Twitter began booting users out of their accounts if it suspected the account’s owner was underage — that is, younger than 13. But the process also locked out many users who said they were now old enough to use Twitter’s service legally.

While Twitter’s rules had stated that users under 13 can’t create accounts or post tweets, many underage users did so anyway thanks to lax enforcement of the policy. The GDPR regulations, however, forced Twitter to address the issue.

But even if the Twitter users were old enough to use the service when the regulations went into effect in May 2018, Twitter still had to figure out a technical solution to delete all the content published to its platform when those … Read the rest

May 10, 2019 Off

UK tax office ordered to delete millions of unlawful biometric voiceprints

By Jill T Frey

The U.K.’s data protection watchdog has issued the government department responsible for collecting taxes with a final enforcement notice, after an investigation found HMRC had collected biometric data from millions of citizens without obtaining proper consent.

HMRC has 28 days from the May 9 notice to delete any Voice ID records where it did not obtain explicit consent to record and create a unique biometric voiceprint linked to the individual’s identity. 

The Voice ID system was introduced in January 2017, with HMRC instructing callers to a helpline to record a phrase to use their voiceprint as a password. The system soon attracted criticism for failing to make it clear that people did not have to agree to their biometric data being recorded by the tax office.

In total, some 7 million U.K. citizens have had voiceprints recorded via the system. HMRC will now have to delete the majority of … Read the rest