November 10, 2018
Privacy International, a UK-based listed charity that protects and promotes the right to secrecy throughout the world, last week filed a number of grievances against US-based Businesses to European based Data Protection bodies regarding supposed breaches of the General Data Protection Regulation.
The General Data Protection Regulation was launched by the European Union on May 25 this year in an attempt to safeguard the confidential information of all people within the European Union and to protect all data exported outside of the EU. It necessitates all firms, groups, and organizations administering data like this to fulfill a particular requirement or else they, the businesses, will be found as breaching the law. The fines for GDPR violations are excessive, going as high as €20m or 4% of yearly international income in the preceding year – whichever figure is higher.
The submitted grievances against US-based businesses including Oracle, Acxiom, Quantcast, Tapad and the credit referencing companies Equifax and Experian. These grievances claim that the method of getting proper approval from people before recording and using their private information is not compliant with GDPR law.
Privacy International issued a statement which said: “It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Basically, the GDPR fortifies rights of people regarding the safety of their data, imposes more strict responsibilities on those processing private data, and provides for tougher regulatory enforcement powers – in theory. In practice, the real test for GDPR will be in its application.
It went on: “Nowhere is this more obvious than for data dealer and ad-tech industries that are premised on abusing people’s data. Despite abusing the data of millions of people, (these firms) are on the whole non-consumer facing and for that reason seldom have their practices questioned.
Secrecy International lawyer Ailidh Callander said: “The data dealer and ad-tech industries are premised on exploiting people’s data. Most people have likely never heard of these firms, and yet they are gathering as much data about us as they can and building complicated profiles about our lives. GDPR sets clear restrictions on the misuse of private data. PI’s grievances set out why we think these businesses’ practices are failing to meet the standard—yet we’ve only been able to cut the surface regarding their data misuse practices. GDPR gives watchdogs teeth and now is the time to use them to hold these businesses to account.”
These grievances further highlight the significance for US companies to make sure that they are completely in compliance with GDPR to avoid the exorbitant penalties for breaching it. Many secrecy advocates are concentrating their efforts on making sure that big multinational firms are not violating the new law. Privacy International itself is carrying out a campaign that seeks to challenge businesses, like those listed in the grievances, on the principles of transparency, fairness, lawfulness, purpose restriction, data minimization, correctness and integrity, and secrecy. It is also requesting more investigations into Articles 13 and 14 (the right to information), Article 15 (the right of access), Article 22 (automated decision making and profiling), Article 25 (data safety and by design and default) and Article 35 (data safety impact evaluations).