The Irish Data Protection Commission has finally launched an investigation into US adtech giant Quantcast for potential breaches of GDPR following complaints logged by Privacy International in November last year against seven companies, including Acxiom, Experian, Equifax, Criteo and Tapad.
The complaints are based on more than 50 subject access requests and the information the companies provide on their websites, with Privacy International arguing that the way these firms use data – especially for profiling – contravenes the regulation.
Although Criteo, Quantcast and Tapad are US firms, they also have significant operations in Europe.
In its initial complaint, Privacy International stated: “[We are] gravely concerned at the data processing activities of the data broking and adtech industry. We are therefore submitting this complaint against Criteo, Quantcast and Tapad together with two separate joined submissions/ complaints to the UK Information Commissioner against Experian, Equifax Acxiom and Oracle.
“Together these companies profit from the exploitation of the personal data of millions of people in the European Union and further afield.”
Quantcast might be the only firm out of the seven to face an official investigation so far, but it joins a rogues gallery of Facebook, WhatsApp, Instagram, Apple, Twitter and LinkedIn which are the subject of a total of 17 investigations by the Irish regulator.
In a statement, the Irish DPC said: “Since the application of the GDPR significant concerns have been raised by individuals and privacy advocates concerning the conduct of technology companies operating in the online advertising sector and their compliance with the GDPR.
“Arising from a submission to the Data Protection Commission by Privacy International, a statutory inquiry pursuant to section 110 of the Data Protection Action 2018 has been commenced in respect of Quantcast International Limited.
“The purpose of the inquiry is to establish whether the company’s processing and aggregating of personal data for the purposes of profiling and utilising the profiles generated for targeted advertising is in compliance with the relevant provisions of the GDPR. The GDPR principle of transparency and retention practices will also be examined.”
Quantcast said it is reviewing the details of the Irish DPC’s statutory inquiry and will “cooperate fully with any investigation”.
Related stories
Programmatic shrugs off GDPR as spend climbs again
Privacy group calls for probe of seven data companies
Data firms under cosh as ICO ramps up political probe
Privacy International probes ‘hidden’ Acxiom practices
New Govt probe to scrutinise behavioural data market
Lords report calls for new crackdown on marketing data
ICO taps up industry for probe into programmatic ads
IAB in dock over sector’s ‘systemic’ breaches of GDPR
$273bn behavioural ad industry ‘is in breach of GDPR’