Oracle and Equifax among seven firms accused of violating GDPR by Privacy International

Privacy International accuse seven data brokers, at-tech firms and credit agencies of being “premised on exploiting people’s data”

Graphic of individuals being glared at by cameras and having their privacy invaded

Seven companies including Oracle and Equifax have been accused of violating data protection laws by a privacy rights group and referred to data regulators.

Privacy International (PI) has filed complaints against two data brokers, three ad-tech firms and two credit referencing agencies with French authorities, the Irish Data Protection Commission (DPC) and the Information Commissioner's Office (ICO).

The EU's General Data Protection Regulation (GDPR), which came into force on 25 May, demands a far higher standard for data protection and individuals' privacy rights from organisations than ever before.

PI is accusing the firms of disregarding data protection principles, including purpose limitation (specifying exactly how data is used), data minimisation (data is held no longer than absolutely required), and data accuracy.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The organisation is basing their accusations on more than 50 subject access requests (SARs) files with the companies, as well as information they have provided in their marketing materials and privacy policies.

"The data broker and ad-tech industries are premised on exploiting people's data," said PI's legal office Ailidh Callander.

"Most people have likely never heard of these companies, and yet they are amassing as much data about us as they can and building intricate profiles about our lives.

"GDPR sets clear limits on the abuse of personal data. PI's complaints set out why we consider these companies' practices are failing to meet the standard - yet we've only been able to scratch the surface with regard to their data exploitation practices."

The group argues that the companies, which also include Acxiom, Criteo, Experian, Quantcast and Tapad, do not have a legal basis for the way they use people's data, and have not attained appropriate consents. PI also says they do not have the basis for processing sensitive personal data.

The ICO has already issued assessment notices to data broker Acxiom, as well as credit rating agencies Equifax and Experian. PI has urged the UK data regulator to widen its ongoing investigations to include the other four firms.

Advertisement - Article continues below

A Criteo spokesperson said the firm was requested to fill a questionnaire on privacy in May, and said they invited PI to meet for further discussions. They added they did not get a response, and instead learned of the complaint two days ago.

"Whilst disappointed that they have chosen to take this action, we have complete confidence in our privacy practices and we remain open to answer any questions that PI may have," the spokesperson said.

An Acxiom spokesperson said the company's associates need to pass data security and privacy tests, and in May the business passed a Direct Marketing Association (DMA) audit around data privacy and compliance.

"We have worked hard to ensure that we are compliant with GDPR and we continue to believe that our services meet its requirements," said an Experian spokesperson.

Advertisement
Advertisement - Article continues below

Oracle, Equifax and Quantcast refused to comment. Tapad was also approached. 

"We are aware of concerns raised about the compliance of data protection laws by big tech companies, data brokers and credit referencing agencies," an ICO spokesperson said.

Advertisement - Article continues below

"These concerns have been raised with regulators in different EU countries and the ICO will be working with the relevant data protection authorities, and the new European Data Protection Board, to consider the facts and support any possible joint work or inquiries in other jurisdictions."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020