LiveRamp faces privacy probe over ‘invasive profiling’

data_30_liveramp2LiveRamp’s new adtech system – designed to fill the void when cookies are finally axed – undermines online privacy even more, exposing consumers to invasive profiling that can link their browsing habits to their real identity and even their home address, without consent.

That is the crux of a fresh GDPR complaint submitted to both the UK Information Commissioner’s Office and the French regulator CNIL on behalf of Open Rights Group executive director Jim Killock and French digital rights activists Noémie Levain and Benoît Piédallu.

Killock previously complained to the ICO about online advertising privacy practices in 2018; the latest complaint is based on an investigation commissioned by ORG, carried out by independent research institute Cracked Labs and data protection expert Alan Toner.

The complaints alleges that LiveRamp’s new system, dubbed the Authenticated Traffic Solution (ATS), fails to address or even improve on any of the substantive issues raised by ORG in its 2018 complaint.

Indeed, it claims LiveRamp has now developed a profiling system that combines online and offline identifiers – such as name, email and phone numbers, home addresses – which exposes users to more privacy-invasive profiling, that can link their browsing habits to their real identity and even their home address.

The complaint details how LiveRamp still seems to process personal data without a valid legal basis, while deploying ‘security measures’ that do not seem to protect individuals’ rights or improve data security throughout the online advertising supply chain.

LiveRamp’s systems are also alleged to be more intrusive and pervasive than previous adtech technologies and operate in the background, making their functioning difficult to observe even for technical experts.

This, the ORG maintains, makes these systems less transparent and more difficult to understand for individuals, who are being profiled without their knowledge.

If proved to be in breach of GDPR, it could deliver not only a major blow to LiveRamp but also the hundreds of publishers and brands which use the system across the globe, including those in the US, UK, France, Italy, Spain, Germany, Australia and Japan.

More than 70 demand and supply platforms and over 400 publishers, including 70% of the Comscore 20 and 65% of the Comscore 50, have adopted ATS to offer marketers a way to reach their customers and measure campaign outcomes without third-party cookies or device identifiers.

Clients include Microsoft Advertising, Danone, Realtor.com, CafeMedia, Tubi, and The McClatchy Company in the US; Reach, Dennis Publishing, eBay Classifieds Group UK, and IDG in the UK; Burda Community Network in Germany; and Cricket Australia, the first in-app publisher signed, among others.

But Killock said: “The LiveRamp system is intrusive and lets advertisers link people’s actual address and name with their browsing habits. This is unacceptable.

“The adtech industry is evolving fast as regulators elsewhere clamp down on profiling and excessive data sharing. These new and dangerous technologies are an attempt to get around changes that limit the use of tracking cookies, and to make online advertising more intrusive, rather than less.

“We hope that both the ICO and CNIL in France will take these issues very seriously and investigate. In the UK, there are still outstanding, unresolved issues from previous complaints. Europe is making slow but definite progress against intrusive adtech. In the USA, new data laws are beginning to tackle abusive practices.

“Now is the time to halt these new and dangerous technologies before they get out of hand.”

Related stories
LiveRamp signs $200m deal for ‘clean room’ specialist
Co-op brings in LiveRamp to enter retail media market
LiveRamp to boost eBay Classifieds in post-cookie era
Game signs up to LiveRamp data partnership platform
Carwow brings in LiveRamp for data-driven marketing
LiveRamp signs deal to boost programmatic TV assault

Print Friendly