A PYMNTS Company

EU: Google GDPR complaint suggests personal data misuse

 |  January 29, 2019

A General Data Protection Regulation (GDPR) complaint shows that Google may have misused people’s personal data and categorized them in highly sensitive ways, according to reports.

Google’s ad technology apparently labels users depending on their internet activity, noted a report in TechCrunch. What’s more, they’re labeled with tags like cancer, mental health, right- or left-wing politics or even sexually transmitted diseases.

These sensitive topics get shared with potentially thousands of third party companies through a live ad-auction process called real-time bidding (RTB).

The RTB complaint was filed last year by Dr Johnny Ryan from the browser Brave; Michael Veale, a researcher at University College London; and Jim Killock, director of the Open Rights Group. They say there are “wide-scale and systemic breaches of the data protection regime by Google and others.”

“There is no legal justification for such pervasive and invasive profiling and processing of personal data for profit,” the complaint said.

Polish anti-surveillance NGO Panoptykon Foundation has also joined in the complaint.

“Ad auction systems are obscure by design,” Katarzyna Szymielewicz, president of the NGO said. “Lack of transparency makes it impossible for users to exercise their rights under GDPR. There is no way to verify, correct or delete marketing categories that have been assigned to us, even though we are talking about our personal data. IAB [The Interactive Advertising Bureau] and Google have to redesign their systems to fix this failure.”

The European Union’s GDPR (General Data Protection Regulation) requires that special category data collectors secure explicit consent from internet users, and there are not many exceptions. The complaint argues that ordinary internet users have no idea the type of information that’s being collected about them, or on what scale it’s being shared and sold.

The RTB process happens quickly and without consent, because if it didn’t, there would be hundreds of requests to collect intimate information from all kinds of companies.

“The speed at which RTB occurs means that such special category data may be disseminated without any consent or control over the dissemination of that data,,” the group wrote in the original complaint filing. “Given that such data is likely to be disseminated to numerous organizations who would look to amalgamate such data with other data, extremely intricate profiles of individuals can be produced without the data subject’s knowledge, let alone consent.”

Full Content: PYMNTS

Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.