Rights Organizations Warn about Unlawful Data Exploitation in Popular Apps

Liberties is leading a second outreach on the GDPR violations adtech industry is committing. Based on new evidence, Liberties members and partners are urging national data protection authorities to stop rights violations.

On 4 March, following the invitation of Civil Liberties Union for Europe (Liberties), 11 human and digital rights organizations in seven EU countries have urged their local Data Protection Authorities (DPAs), to investigate the GDPR violations certain popular dating, fertility tracking, and children’s apps are invested in. The countries joining the campaign include Croatia, Germany, Hungary, Italy, Slovenia, Spain and Sweden. Liberties’ initiative is based on the report “Out of Control” by the Norwegian Consumer Council (NCC) and their research partner, digital rights organization NOYB in Austria.

This isn't the first time Liberties has fought against GDPR violations

Liberties led a similar outreach, the #StopSpyingOnUs campaign, in nine EU countries in June 2019. In that case we were asking DPA’s to stop Google and IAB Europe from breaching GDPR by setting harmful standards for real-time bidding. Then, Liberties’ members and partners sent the Ryan-report to the authorities showing how unlawfully the technical standards for RTB were set, and how the industry was failing not protect sensitive personal data from potential breaches. Liberties argued that the practice is not only against GDPR, but, by allowing massive profiling and targeting, it endangers our democracies too.

Report shows how third parties collect and exploit user data

NCC’s report provided the human and digital rights community with new evidence on how the online marketing and adtech industry operates. Ten apps from different categories, among them dating apps that are very popular in Europe (Tinder, Grinder and OkCupid) are being analyzed. The report shows how commercial third parties, hiding out of sight of users, receive and exploit personal data that users inadvertently share with the companies providing them with the apps. The legal basis of such third parties obtaining data is highly questionable. They do not obtain valid consent from consumers to process their personal data and they also fail to meet the requirements for the use of legitimate interests for processing the data (GDPR, Art. 9 and Art. 6).

Surveillance can affect how we use the inernet

The data collected through these apps are meant to help advertisers find their right audience and communicate with their potential consumers efficiently. At first sight, this may look innocuous. Many people like personalized ads and if they can choose what kinds of ads to see, many choose those that convey relevant commercial information to them. However, it needs to be emphasized that the comprehensive profiling and categorization of consumers can trigger all sorts of harms most users are not yet aware of. These include discrimination and exclusion, fraud, manipulation, and the chilling effects that massive commercial surveillance systems may have on democratic debates. Studies have shown that when individuals feel that their behavior is being recorded, they modify their behavior. Surveillance may affect how we use the internet, whether we are willing to look for certain information on the working of our institutions and the way our political leaders conduct their business.

Individual citizens have no meaningful ways to resist or otherwise protect themselves from this type of data exploitation. It is time for national enforcement authorities to ensure that the adtech industry changes its ways and starts respecting GDPR.

The participating organizations are:

For more details about the campaign, please contact:

Orsolya Reich
Senior Advocacy Officer
o.reich at liberties.eu

For additional inquiries about Liberties, please contact:
Vanja Prokic
Head of Communications
v.prokic at liberties.eu