Ireland’s data watchdog slammed for letting adtech carry on ‘biggest breach of all time’

A dossier of evidence detailing how the online ad targeting industry profiles Internet users’ intimate characteristics without their knowledge or consent has been published today by the Irish Council for Civil Liberties (ICCL), piling more pressure on the country’s data watchdog to take enforcement action over what complainants contend is the “biggest data breach of all time”.

The publication follows a now two-year-old complaint lodged with Ireland’s Data Protection Commission (DPC) claiming unlawful exploitation of personal data via the programmatic advertising Real-Time Bidding (RTB) process — including dominant RTB systems devised by Google and the Internet Advertising Bureau (IAB).

The Irish DPC opened an investigation into Google’s online Ad Exchange in May 2019, following a complaint filed by Dr Johnny Ryan (then at Brave, now a senior fellow at the ICCL) in September 2018 — but two years on that complaint, like so many major cross-border GDPR cases, remains unresolved.

And, indeed, multiple RTB complaints have been filed with regulators across the EU but none have yet been resolved. It’s a major black mark against the bloc’s flagship data protection framework.

“September 2020 marks two years since my formal complaint to the Irish Data Protection Commission about the “Real-Time Bidding” data breach. This submission demonstrates the consequences of two years of failure to enforce,” writes Ryan in the report.

Today, we release new data on the consequences of the biggest data breach of all time: Real-Time Bidding. Two years after my complaint about the RTB privacy crisis, @DPCIreland has failed to end it. @ICCLtweet https://t.co/4zj476UT3t
pic.twitter.com/RvagTloWk4
— Johnny Ryan (@johnnyryan) September 21, 2020