Tech firms face major GDPR probe | ICO issues assessment notices to Axicom, Experian and Equifax. Privacy International (PI) has lodged complaints of “systematic infringements” of data protection law by seven companies that it claims have exploited the data of millions of users without thorough criticism. The civil rights group has singled out the data brokers Acxicom and Oracle, ad-tech firms Critero, Quantcast and Tapad as well as the credit rating agencies Equifax and Experian. PI wants European data protection watchdogs to launch probes into the seven companies to assess whether their practices meet the standards laid out in GDPR. The complaints against the companies in question are based on over 50 Subject Access Requests and the information provided on their websites. PI argues that the way these companies use data contravenes the new regulation especially when it comes to profiling.
Major GDPR probe – Seven firms just the beginning?
PI wants European data protection watchdogs to launch probes into the seven companies to assess whether their practices meet the standards laid out in GDPR. The complaints against the companies in question are based on over 50 Subject Access Requests and the information provided on their websites. PI argues that the way these companies use data contravenes the new regulation especially when it comes to profiling.
Large firms to be held accountable
Legal officer Ailidh Callander explained why regulators should go after the companies identified by PI to the Register, saying:
GDPR sets clear limits on the abuse of personal data. PI’s complaints set out why we consider these companies’ practices are failing to meet the standard – yet we’ve only been able to scratch the surface with regard to their data exploitation practices. GDPR gives regulators teeth and now is the time to use them to hold these companies to account.
The Information Commissioner’s Office has issued assessment notices to Axicom, Experian and Equifax which will allow it to carry out compulsory audits. However, this is not enough for PI which wants the ICO to go after other businesses in violation of GDPR. The group argued that the companies it highlighted as well as others have failed to comply with Article 5 of GDPR which lays out the data protection principles of transparency, fairness, purpose limitation, data minimisation and accuracy. Sources and credits: The RegisterMore on GDPR rights
