Privacy International (PI) accuses seven data companies, techfirmas and credit agencies of violating the General Data Protection Regulation (GDPR). For this reason, it submits a complaint to various authorities. They will look at the complaints and assess whether additional steps are needed.

Complaints were lodged against two data companies, three ad hoc tech companies and two credit agencies. These complaints have been lodged with the French authorities, the Irish Data Protection Commission (DPC) and the Information Commissioners Office (ICO). They will assess the complaints on the basis of the European Privacy Directive GDPR, which will apply from 25 May. The standard with which companies must comply with regard to data protection and the privacy of individuals is now higher than ever before.

The accusations

PI accuses the companies of disregarding data protection principles. For example, they have not restricted the way in which they use data, have not limited the amount of data they collect and have not monitored the accuracy of the data. The complaints are based on more than fifty subject access requests files at the companies, as well as information available through marketing materials and privacy policies.

The data trader and ad-tech companies can exist thanks to the data on people, says legal officer Ailidh Callander of PI in a statement to IT Pro. Most people will never have heard of these companies, but they still collect as much data as they can and carefully build profiles about our lives. However, GDPR restricts the way in which this is allowed and how far the data can go. PIs complaints explain why we think these companies do not meet the standard.

Accused companies

The companies, which include Oracle, Equifax, Acxiom, Criteo, Experian, Quantcast and Tapad, would have no legal basis for how they use data. Also, no consent has been given by individuals. PI therefore claims that companies do not have the right to process sensitive personal data.

Spokespersons of the accused companies state that they have every confidence in their practices and the way in which they handle personal data. At the same time, ICO has indicated that it is aware of the concerns and that it will discuss them with the relevant data protection authorities.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.