Regulatory complaint

10 Dec 2020
Civil society organisations Civil Liberties union for Europe, Open Rights Group and Panoptykon Foundation have filed complaints against Google and Interactive Advertising Bureau (IAB) member companies in Croatia, Cyprus, Greece, Malta, Portugal and Romania. The complaints address privacy abuses
10 Dec 2020
French data protection regulator CNIL fined Google and Amazon €100 million and €35 million respectively for breaches of the French Data Protection Act. The CNIL found that the French websites of Google and Amazon had not sought the prior consent of visitors before advertising cookies were saved on
27 Oct 2020
After a two year investigation into credit referencing agencies (CRAs) Experian, Equifax and TransUnion - initiated in part pursuant to a complaint filed by PI against Equifax and Experian in November 2018 - the ICO has published a report finding "widespread and systemic data protection failings" in
13 Oct 2020
noyb filed a complaint against address broker AZ Direct Österreich GmbH after it refused to provide information on the origin and recipients of data processed. The address broker, in a response to a data subject access request, claimed not to know where the residential address of the data subject –
26 Jun 2020
PI filed a complaint against health website Doctissimo with the French data protection authority (CNIL) after our research found that Doctissimo engaged in programmatic advertising, and shared the results of online depression tests taken on its platform with third parties. The complaint argues
14 Jan 2020
The Norwegian Consumer Council (Forbrukerrådet) and noyb filed three formal complaints against Grindr and ad tech companies that were receiving personal data through the app: Twitter’s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato. The complaint followed an investigation carried out by the
21 Jul 2020
The algorithm and mathematical model used to predict students’ grades by the International Baccalaureate programme, which was forced to cancel exams because of the pandemic, incorporated three elements: coursework, teachers’ predictions of their students’ exam grades, and “school context”, which was
02 Aug 2020
The French data protection authority, CNIL, has examined the French contact tracing app and ruled that it is not fully compliant with the provisions of GDPR and the French data protection law. CNIL’s primary complaint was that the app transferred the news that a user had been infected to all their
20 May 2019
GDPR complaints about Real-Time Bidding (RTB) in the online advertising industry were filed today with Data Protection Authorities in Spain, the Netherlands, Belgium, and Luxembourg. The complaints detail the vast scale of personal data leakage by Google and other major companies in the “Ad Tech”
12 Sep 2018
Simultaneous complaints have been filed with European data protection authorities against Google and other ad tech firms. The complainants are being made by Dr Johnny Ryan of Brave, the private web browser, Jim Killock, Executive Director of the Open Rights Group, and Michael Veale of University
28 Jan 2019
Panoptykon Foundation, the Warsaw based digital rights organization, has joined in the complaints filed in the UK and Ireland in September by Jim Killock of the Open Rights Group, Michael Veale of University College London, and Dr Johnny Ryan of Brave, by filing a new complaint in Poland. Together
02 May 2019
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and
08 Nov 2018
Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. It’s been more than five months since the EU’s
01 Apr 2019
Dr Johnny Ryan filed a formal complaint with the Irish Data Protection Commission against IAB Europe, the tracking industry’s primary lobbying organization. The complaint was filed against IAB Europe’s use of an unlawful “cookie wall” on its website. Visitors to IAB Europe’s website, www.iabeurope
25 Jan 2019
In January 2019 the UK's Information Commissioner's Office announced it was investigating an incident in which the food service company Deliveroo reported that some of its customers had complained they were charged up to £1,000 for orders they had not placed. Customers have used social media to
15 Nov 2018
In November 2018, a report by the consultancy Privacy Company, on behalf of the Dutch Ministry of Justice, found that Microsoft could be breaking European data collection rules because its Office software was collecting large amounts of personal data including email subject lines and snippets of