European Union Countries Demand GDPR Action Against Ad Techs

Laura BednarCybersecurityLeave a Comment

companies-GDPR-scrutiny-ad-tech

You have most likely been subject to what is considered the largest leak of personal data thus far, and you don’t even know it’s happening. Several countries in the European Union have launched complaints against ad tech companies for the way they collect personal information to target online ads. Consumers are demanding that the process for advertising be more highly scrutinized under the European Union’s General Data Protection Regulation (GDPR) Laws.

Complaints of Questionable Practices

The grievances were aimed at the real-time-bidding system that many ad tech companies use. Advertising technology, or ad tech, is a term that encompasses different types of analytics and digital tools to direct advertising at specific individuals and target ads for specific audiences. Real-time-bidding is the method through which these companies obtain their data. This technique kickstarts a bidding war that takes place in a matter of seconds.

When a user visits a website, their personal information is sent to hundreds of marketers who bid to have their ad shown on the web page. Some of the major ad tech companies currently in existence are:

  • Quantcast
  • Acxiom
  • Equifax
  • Oracle

They create a profile on each web user out there and can obtain information like religion, sexual orientation, and shopping habits. This profiling happens consistently and advertisers in the U.S. have spent close to $23.5 billion on this tactic in 2018 alone.

Taking Action for the Sake of Privacy

Four countries had their data regulators send in complaints to the EU including Belgium, Luxembourg, the Netherlands, and Spain. Additionally, regulators in the UK and Poland have filed complaints. The head of Brave, a private web browser, prompted action from the Irish Data Protection Commission (DPS) to investigate whether each stage of advertising on Google is GDPR compliant. The DPC is the lead privacy regulator for tech giants in Europe.

The GDPR states that all personal data must be processed in a manner that ensures security as well as transparency. The problem is that most of these advertising practices take place behind the scenes and until now, most web users had no idea that RTB was taking place. A specific attack against Quantcast was made last year by Privacy International, who wanted to know how much of the personal information was truly needed for legitimate business.

A specific example of insecure practices is the way that Quantcast obtains consent for their ad practices. They would have a large pop-up blocking access to a website that a user must click and agree to before proceeding. The little explanation about their practices and data usage goes against GDPR Laws that state a user must be able to know how their data is being used in clear and simple terms.

Consequences of Improper Enforcement

One of the issues with resolving suspected data security issues is designating which group should investigate. The technological systems that are in question are used across European borders and involve entities such as Google and the Internet Advertising Bureau (IAB). The privacy regulators in each country, as well as groups on a larger scale, must work to resolve the complaints in multiple countries.

Big tech companies currently under investigation include Facebook, WhatsApp, Apple, and Twitter. Violating GDPR Laws may cost them up to 4% of annual global turnover. Companies need to show that they are not collecting unnecessary data and are transparent about their practices. If the cases against the ad tech methods result in a favorable outcome for consumers, we may soon be seeing a whole new way of online advertising.

Ensuring Total Privacy

Our line of hardware encrypted SecureDrives offers total privacy for online users, businesses, and individuals alike. These devices offer unique authentication methods to ensure no outside party can access personal information. Additionally, we are an SSAE 18 Type II Certified company and follow strict security measures when handling your data during the recovery process. For more information on how Secure Data puts privacy at the forefront of our operations, call 1-800-388-1266.