These new complaints come on top of those lodged in 15 other EU countries over 2018 and 2019, which called for immediate investigations into real-time bidding systems, and to enforce EU data protection laws.
Real-time bidding systems involve sharing a person’s sensitive data without their consent, which might include personal browsing history such as their sexual preferences or their recent locations, with hundreds if not thousands of companies online. Companies then bid for that advertising space. The highest bid gets to place their advert in front of that person’s eyes.
Real-time bidding is an abuse to our privacy
This action has been coordinated by a consortium made up of the Civil Liberties Union for Europe (Liberties), Open Rights Group (ORG) and Panoptykon Foundation.
Dr.Orsolya Reich, senior advocacy officer at the Civil Liberties Union for Europe (Liberties), said: “Real-time bidding, which is the bedrock of the online advertising industry, is an abuse of people’s right to privacy. The GDPR has been in place since 2018 and it is there precisely to give people a greater say about what happens to their data online. Today, more civil society groups are saying enough with this invasive advertising model and are asking data protection authorities to stand up against the harmful and unlawful practices they use.”
The consortium calls on all the concerned national data protection authorities to consider the issue of real-time bidding in unison, and to join the investigation conducted by lead supervisory authorities in Ireland and in Belgium.
Joint investigation is necessary
Although some of the complaints from 2018 and 2019 were referred to lead authorities, the consortium has no knowledge of any meaningful cooperation or joint operations between national authorities and the lead authorities. This suggests that cooperation and consistency mechanisms as envisioned in the GDPR are yet to be implemented fully. A joint investigation is necessary here, as real-time bidding functions in the same way across borders and produces the same negative effects in all EU member states.
Marianodelli Santi, legal and policy officer at Open Rights Group (ORG) said: “These new complaints show that the GDPR is working. Individuals are increasingly aware of their rights, and they demand change. Now, it is up to the authorities to support this process, and make sure these laws are properly and consistently enforced against the widespread abuses of the adtech industry.”
The organisations and countries involved in this action are AsociatiapentruTehnologie si Internet (Romania) D3 - Defesa dos DireitosDigitais (Portugal), GONG (Croatia), Global Human Dignity Foundation (Malta), Homo Digitalis (Greece), Institute of Information (Cyprus).
The countries where complaints were filed in 2018 and 2019 were: Belgium, Bulgaria, Czech Republic, Estonia, France, Germany, Hungary, Ireland, Italy, Luxemburg, Poland, Spain, Slovenia, The Netherlands, United Kingdom.
Previously on Liberties: