Privacy International is a registered charity based in the UK that protects and promotes privacy rights around the world. This organization recently filed several complaints against US firms to EU Data Protection agencies regarding alleged violations of the General Data Protection Regulation (GDPR).
The European Union introduced the GDPR on May 25 this year in an effort to secure the personal data of all people within the EU and to protect all data released beyond the EU. It requires all firms, organizations and groups handling people’s data to satisfy a particular condition otherwise they will be found in violation of the legislation. The penalties for violating GDPR are quite high, as much as €20m or 4% of yearly global earnings in the preceding year – whichever amount is higher.
The US-based firms that were involved in the complaints include Acxiom, Oracle, Tapad, Quantcast and credit referencing companies Experian and Equifax. According to the complaints, the companies used a method of getting consent to record and use people’s personal data that does not comply with GDPR legislations.
Privacy International issued the following statement with respect to this issue. It’s been roughly five months since the enforcement of the EU’s GDPR. Essentially, the GDPR advances the rights of people regarding data protection, implements greater responsibilities on personal data processors and offers stronger regulatory enforcement to authorities. In reality, the true test for the effectiveness of GDPR is its enforcement.
A lot of data brokers and ad-tech companies are presupposed to exploiting the data of people. In spite of exploiting millions of data and creating elaborate profiles of people, these companies generally do not interact with consumers and so their practices are hardly ever questioned.
GDPR imposes clear boundaries on the misuse of private data. The submission of complaints by Privacy International calls to attention the practices of these companies, which fail to comply with the standard. These issues of data exploitation practices are just a little part of a bigger problem. Now is the time to make companies accountable to the GDPR and the people.
These complaints also focus on the need for American companies to be sure that they are totally compliant with GDPR to steer clear of the prohibitive penalties when they breach it. Lots of privacy supporters are centering their efforts on making sure that big multinational firms are not breaking the new regulation.
Privacy International is doing a campaign that challenges organizations, such as those involved in the complaints, to maintain transparency, lawfulness, fairness, purpose restriction, data minimization, accuracy, confidentiality and integrity. It is additionally seeking further inspections with respect to the following Articles:
Articles 13 and 14 – the right to information
Article 15 – the right of access
Article 22 – automated decision making and profiling
Article 25 – data protection and by design and default
Article 35 – data protection impact assessments