The Interactive Advertising Bureau (IAB) and others are being sued over what is being described as “the world’s largest data breach”. The IAB is the industry body for digital advertising. It has 1200 members, including Facebook, Google, and Amazon.
The Irish Council for Civil Liberties is suing a branch of the IAB over real-time bidding – a multi-million-dollar industry – in which advertising space is auctioned on a webpage or app as it loads. It has described the case as “the world’s largest data breach”.
To help advertisers, a person’s web history is shared with brokers and their clients as they wait for a webpage to load. This includes details about the location of the device and previous websites visited.
By assessing this data in seconds, advertisers decide what ads to target you with, and bid against others for the right to show these ads. So people are being actively targeted with ads based on their web history.
According to a BBC article, a spokesperson at the Irish Council for Civil Liberties said: “If you momentarily see empty advertising spaces before they are filled on a web page or an app, you are essentially watching yourself being auctioned in that moment”.
While personally identifiable information is not shared, data protection experts still believe that this is a violation of privacy. Commenting on this case, Kingsley Hayes, head of data breach at Keller Postman UK, said:
“The data captured in real-time bidding helps to builds a unique user profile, which can include things like a person’s sexual orientation, their religion, their political persuasion, their location, whether they have any debts, their income, their health concerns, and what they are reading, watching, and listening to. This is a huge amount of information to hold and share on an individual without their consent. And, when you consider that most people are not aware that their data is being captured and shared in this way, it is clear that this is a problem.”
Court papers have been lodged in Hamburg, by a Mr Ryan – a former advertising professional – on the grounds that nobody has actively consented to this data being gathered or shared. Responding to the action, the IAB said it was “reviewing the allegations in conjunction with our legal advisers and will respond in due course, if appropriate”.
In our regular update, we provide a roundup of some of the data breaches and… Read More
We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More
The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More
We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More
We have launched a group action against Capita. Group actions can be a powerful tool… Read More