Just days after the Information Commissioner’s Office revealed it was planning to audit a number of UK data companies, Privacy International has filed complaints of “systematic infringements” of data protection law by seven firms it claims find it too easy to operate under the radar.
Within hours of GDPR coming into force, the privacy group said it had rifled off letters to a “selection” of firms, but at the time only named Acxiom, Criteo, Quantcast.
Now the group said it wants European data protection watchdogs to launch probes into seven – Acxiom, Oracle, Critero, Quantcast, Tapad, Equifax and Experian – which it claims exploit the data of millions of people without thorough examination, to assess whether their practices meet GDPR standards.
The complaints are based on more than 50 subject access requests and the information the companies provide on their websites, with Privacy International arguing that the way these companies use data – especially for profiling – contravenes the regulation.
“GDPR sets clear limits on the abuse of personal data,” said legal officer Ailidh Callander. “Our complaints set out why we consider these companies’ practices are failing to meet the standard – yet we’ve only been able to scratch the surface with regard to their data exploitation practices. GDPR gives regulators teeth and now is the time to use them to hold these companies to account.”
In a statement, Privacy International added: “These companies’ processing activities are opaque and there is no direct relationship with individuals. They amass vast amounts of data about millions of individuals, repurpose these data to infer more data about individuals, then share this data with a multitude of third parties for innumerable purposes.
“Where they claim that consent is a valid basis for processing they fail to demonstrate how it was collected and that the consent was freely given, specific, informed, and unambiguous.
“Where they rely on legitimate interest they have moulded this to fit their self-determined interests without demonstrating the necessity nor sufficient consideration of the impact on individuals’ rights.”
Earlier this week, the ICO said it was widening its probe into the use of data analytics in political campaigns to carry out audits of GB Group, Acxiom and DLG, as well as Experian, Equifax and Callcredit (now TransUnion).
Related stories
Data firms under cosh as ICO ramps up political probe
Privacy International probes ‘hidden’ Acxiom practices