Regulatory complaint

27 Oct 2020
After a two year investigation into credit referencing agencies (CRAs) Experian, Equifax and TransUnion - initiated in part pursuant to a complaint filed by PI against Equifax and Experian in November 2018 - the ICO has published a report finding "widespread and systemic data protection failings" in
13 Oct 2020
noyb filed a complaint against address broker AZ Direct Österreich GmbH after it refused to provide information on the origin and recipients of data processed. The address broker, in a response to a data subject access request, claimed not to know where the residential address of the data subject –
26 Jun 2020
PI filed a complaint against health website Doctissimo with the French data protection authority (CNIL) after our research found that Doctissimo engaged in programmatic advertising, and shared the results of online depression tests taken on its platform with third parties. The complaint argues
14 Jan 2020
The Norwegian Consumer Council (Forbrukerrådet) and noyb filed three formal complaints against Grindr and ad tech companies that were receiving personal data through the app: Twitter’s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato. The complaint followed an investigation carried out by the
21 Jul 2020
The algorithm and mathematical model used to predict students’ grades by the International Baccalaureate programme, which was forced to cancel exams because of the pandemic, incorporated three elements: coursework, teachers’ predictions of their students’ exam grades, and “school context”, which was
02 Aug 2020
The French data protection authority, CNIL, has examined the French contact tracing app and ruled that it is not fully compliant with the provisions of GDPR and the French data protection law. CNIL’s primary complaint was that the app transferred the news that a user had been infected to all their
20 May 2019
GDPR complaints about Real-Time Bidding (RTB) in the online advertising industry were filed today with Data Protection Authorities in Spain, the Netherlands, Belgium, and Luxembourg. The complaints detail the vast scale of personal data leakage by Google and other major companies in the “Ad Tech”
12 Sep 2018
Simultaneous complaints have been filed with European data protection authorities against Google and other ad tech firms. The complainants are being made by Dr Johnny Ryan of Brave, the private web browser, Jim Killock, Executive Director of the Open Rights Group, and Michael Veale of University
28 Jan 2019
Panoptykon Foundation, the Warsaw based digital rights organization, has joined in the complaints filed in the UK and Ireland in September by Jim Killock of the Open Rights Group, Michael Veale of University College London, and Dr Johnny Ryan of Brave, by filing a new complaint in Poland. Together
02 May 2019
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and
08 Nov 2018
Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. It’s been more than five months since the EU’s
01 Apr 2019
Dr Johnny Ryan filed a formal complaint with the Irish Data Protection Commission against IAB Europe, the tracking industry’s primary lobbying organization. The complaint was filed against IAB Europe’s use of an unlawful “cookie wall” on its website. Visitors to IAB Europe’s website, www.iabeurope
25 Jan 2019
In January 2019 the UK's Information Commissioner's Office announced it was investigating an incident in which the food service company Deliveroo reported that some of its customers had complained they were charged up to £1,000 for orders they had not placed. Customers have used social media to
15 Nov 2018
In November 2018, a report by the consultancy Privacy Company, on behalf of the Dutch Ministry of Justice, found that Microsoft could be breaking European data collection rules because its Office software was collecting large amounts of personal data including email subject lines and snippets of
27 Nov 2018
In November 2018 the UK Information Commissioner's Office fined Uber's European operation £385,000 for inadequate security that permitted a November 2016 data breach affecting nearly 3 million British users and 82,000 drivers. In the 2016 breach, attackers obtained credentials that allowed them to
01 Feb 2019
In February 2019 the UK Information Commissioner's Office issued fines totalling £120,000 against the EU referendum campaign Leave.EU (£15,000 and £45,000) and Eldon Insurance (£60,000), trading as Go Skippy Insurance, for serious breaches of electronic marketing laws. The ICO also said it would
09 Jan 2019
On January 9, 2019 the UK Information Commissioner's Office fined SCL Elections, also known as Cambridge Analytica, £15,000 for failure to comply with an enforcement notice the ICO issued in May 2018 ordering the company to respond in full to a subject access request submitted by US-based academic
05 Nov 2018
The results of a year-long review issued by the UK Information Commissioner's Office in November 2018 uncovered a "disturbing disregard for voters' personal privacy" on the part of 30 organisations, including social media platforms, political parties, data brokers, and credit reference agencies
18 May 2016
In 2016, Verbraucherzentrale NRW, a consumer protection organisation in the German state of North Rhine-Westphalia accused Samsung of harvesting data and sending it back to the company over the internet without informing users as soon as its smart televisions are connected to the internet. The