Prevent the Online Ad Industry from Misusing Your Data - Join the #StopSpyingOnUs Campaign

Liberties has organised a series of complaints across Europe to call the attention of national data protection offices to the risks of the behavioural advertising industry. Join us and send your complaint to defend privacy of Europeans together.

Thank you for your interest, but this campaign has ended.

You need to accept Functional Preferences Cookies to see this content.

Liberties has organised a series of complaints (BE/FR, BG, CZ, DE, HU, EE, IE/UK [see below], NL, PL) across Europe to call the attention of national data protection offices, asking them to launch investigations into the behavioural advertising industry. The complaints point out that real-time bidding and Google’s Authorized Buyers advertising system may broadcast the personal data of users to hundreds if not thousands of companies. This is happening without people being aware of it, without them being able to consent or dissent, and without them being empowered to do anything about it.

We all know that the online advertising ecosystem relies heavily on our personal data. We all know that we get free content and free services online that are in fact far from free. We are paying for it with our most precious asset: our personal information. This includes our browsing history, our location, our sexual orientation, our religion and our online identity. There have been cases where our personal information, political views and voting preferences were leaked or sold, like the Cambridge Analytica scandal. Facebook from time to time seems to create shaky categories, such as “Jew haters”, and offers these target groups to advertisers. Real-time bidding is just as scary.


We at Liberties think that the way online advertising through real-time bidding works is against the EU's data protection law, the GDPR, which went into force a year ago. Online business entities took the effort to tailor their privacy policies and cookie policies to be in line with the GDPR. How many times did you accept cookie policies in the last year? Even though websites made great efforts to be in line with the GDPR, there are certain methods they still employ that continue to breach the GDPR. These companies can and must ask people’s consent to collect their data. But this consent has to be based on an informed decision. And this element is missing.

The other problem with this advertising method is that the risk of data leaks is very high. When our data is broadcast to thousands of companies across the world, that means our personal data is in danger. There is no control over what happens to our personal information. However, if we cannot enforce control over our personal data, that in itself breaches GDPR.

Watch the video of Dr. Johnny Ryan on how real-time bidding works

The GDPR is in effect, but has yet to be truly enforced. The rules are clear, but nothing significant has really happened to those companies that have been breached, or continue to breach, the GDPR. We would like to change this with our campaign.

So far, digital rights and human rights organisations in 9 EU countries have filed complaints, based on this campaign's same arguments, with their national data protection offices, asking them to investigate real-time bidding.

It's a tricky question as to whether these data protection offices will find the legal basis at national level to investigate real-time bidding. Since we file the same arguments across Europe, they might start cooperating and the European Data Protection Board could have a say on this. Certain advertising methods should not be used. There are other ways to offer people ads besides broadcasting their private information, such as contextualized advertisement methods that respect data protection.

We would like to empower everyone to do something against data broadcasting and potential data leaking. You, whose data has been shared and broadcast, can file the same complaint with your national data protection office as the human rights and digital rights organisations filed. You can use our model letter, fill in your data,f and send it to your data protection office. In doing so, you can make sure that the data protection office understands that not only devoted rights organisations, but private individuals are also concerned. Together, we make our voice stronger.

Do you want to learn more about why RTB is problematic? Read the “Ryan Report” and watch this video.

How to file your legal complaint with your data protection authority?

If you choose to send it by email you can fill out the form through our website. In this case we delete all your data within five days. You can also download the file, fill out and send it by email from your email address directly. In this case we don’t have to handle your data, not even for five days.

Choose your country here: Belgium/France, Bulgaria, Czech Republic, Estonia, Germany, Hungary, Italy, the Netherlands, Poland.


Click here to find out how to file a complaint in Slovenia

This complaint was submitted by The Peace Institute – Institute for Contemporary Social and Political Studies and filed with the Information Commissioner/Informacijski pooblaščenec.

If you want to join you can send the complaint by post or even by email. For filing the complaint in email: gp.ip@ip-rs.si

To send by post: Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana

  1. Download the complaint
  2. Fill out with your personal data.
  3. Print it
  4. Sign it
  5. Send it by post.
  6. Or email it to the Information Commissioner/Informacijski pooblaščenec

Your personal data, such as name and address are needed because this is the only way you can be a complainant under the law.

6. Information Commissioner/Informacijski pooblaščenec prepared a complaint form intended to assist applicants but it is not mandatory to use the form when filing a complaint. This form requires name, surname/ name of the legal entity and contact details - address, phone number and email. However, it is not mandatory to provide all these in Slovenia. In accordance with the law, the data protection authority keeps the data of the applicant anonymous towards other parties. It is also possible to file an anonymous complaint, however in that case the applicant cannot be informed of the results of the proceedings.

Click here to find out how to file a complaint in the United Kingdom

Download the complaint of the Open Rights Group and use it as an inspiration in writing your own complaint to the Information Commissioner.

Download the Ryan report and attach to your complaint.

Click here to find out how to file a complaint in Ireland

Download the complaint filed in Ireland and use it as an inspiration in writing your own complaint to the Irish Data Protection Commission.

Download the Ryan report and attach to your complaint.


The more complaints we file, the louder our voice gets.

We would like to convince national data protection authorities to take seriously the risks of real-time bidding targeted advertising seriously. Liberties would like to bring this case to the EU level because we think a joint action on behalf of EU Data Protection Offices would be the most effective way to change the online advertising ecosystem. This is why we created a website where EU citizens can find complaints to be filed in 11 different EU countries.

Do you want to know more about the digital advertising policy of Liberties? If you do, click here.