Timeline of complaints against AdTech
The General Data Protection Regulation (GDPR) became enforceable on May 25th 2018. Since then, complaints against the AdTech industry are piling up, attacking intrusive tracking and profiling practices, unfairly obtained consent and insufficient legal basis, all of which we consider to infringe GDPR. This timeline is a list of some of the key actions taken against this ecosystem, a reminder of the challenges that AdTech companies are facing and a demonstration that GDPR still has to be implemented and enforced.
-
The Irish Council for Civil Liberties (ICCL) has filed a lawsuit in Hamburg against three AdTech industry trade bodies including the Interactive Avertising Bureau (IAB). Members of the IAB include big tech companies (Google, Facebook, Amazon, Twitter...), data brokers (Equifax, Experian, Acxiom...)
-
After developing software that automatically recognises cookie banners that do not comply with the GDPR (usually because they do not provide a clear one-click option to reject all non-essential cookies), noyb has sent over 500 complaints to companies they consider non-compliant and given them a one
-
French data protection regulator CNIL fined Google and Amazon €100 million and €35 million respectively for breaches of the French Data Protection Act. The CNIL found that the French websites of Google and Amazon had not sought the prior consent of visitors before advertising cookies were saved on
-
Civil society organisations Civil Liberties union for Europe, Open Rights Group and Panoptykon Foundation have filed complaints against Google and Interactive Advertising Bureau (IAB) member companies in Croatia, Cyprus, Greece, Malta, Portugal and Romania. The complaints address privacy abuses
-
After a two year investigation into credit referencing agencies (CRAs) Experian, Equifax and TransUnion - initiated in part pursuant to a complaint filed by PI against Equifax and Experian in November 2018 - the ICO has published a report finding "widespread and systemic data protection failings" in
-
noyb filed a complaint against address broker AZ Direct Österreich GmbH after it refused to provide information on the origin and recipients of data processed. The address broker, in a response to a data subject access request, claimed not to know where the residential address of the data subject –
-
PI filed a complaint against health website Doctissimo with the French data protection authority (CNIL) after our research found that Doctissimo engaged in programmatic advertising, and shared the results of online depression tests taken on its platform with third parties. The complaint argues
-
The Norwegian Consumer Council ( Forbrukerrådet) and noyb filed three formal complaints against Grindr and ad tech companies that were receiving personal data through the app: Twitter’s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato. The complaint followed an investigation carried out by the
-
GDPR complaints about Real-Time Bidding (RTB) in the online advertising industry were filed today with Data Protection Authorities in Spain, the Netherlands, Belgium, and Luxembourg. The complaints detail the vast scale of personal data leakage by Google and other major companies in the “Ad Tech”
-
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and
-
Dr Johnny Ryan filed a formal complaint with the Irish Data Protection Commission against IAB Europe, the tracking industry’s primary lobbying organization. The complaint was filed against IAB Europe’s use of an unlawful “cookie wall” on its website. Visitors to IAB Europe’s website, www.iabeurope
-
Panoptykon Foundation, the Warsaw based digital rights organization, has joined in the complaints filed in the UK and Ireland in September by Jim Killock of the Open Rights Group, Michael Veale of University College London, and Dr Johnny Ryan of Brave, by filing a new complaint in Poland. Together
-
Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. It’s been more than five months since the EU’s
-
Simultaneous complaints have been filed with European data protection authorities against Google and other ad tech firms. The complainants are being made by Dr Johnny Ryan of Brave, the private web browser, Jim Killock, Executive Director of the Open Rights Group, and Michael Veale of University