Mar 17, 2022 06:00:00

Data protection agency sued for neglecting to investigate 'Google's largest personal information breach ever'

Google offers an ad management system called

Real-Time Bidding (RTB) . Irish human rights protection organization ICCL has claimed that this RTB 'sends personal information of users to thousands of companies and violates the EU General Data Protection Regulation (GDPR)', but Ireland 's Data Protection Commission (DPC) filed a lawsuit against the DPC for neglecting to investigate Google for three and a half years.

ICCL sues DPC over failure to act on massive Google data breach - Irish Council for Civil Liberties
https://www.iccl.ie/news/iccl-sues-dpc-over-failure-to-act-on-massive-google-data-breach/

RTB, which ICCL is concerned about this time, is also called 'real-time bidding' because it is a mechanism that connects the advertiser and the advertising media in real time. The mechanism of RTB is explained in detail in the following article.

What is Real Time Bidding (RTB)? – GIGAZINE.BIZ

According to the ICCL, Google operates RTB on millions of websites, and users who visit those websites have their personal information unknowingly collected and viewed by thousands of companies. It is said that there is. ICCL views the fact that users cannot specify how companies handle personal information as a problem, and argues that this situation violates the GDPR, which requires companies to protect personal information.

ICCL Senior Fellow Johnny Ryan filed the above allegations against the DPC on September 12, 2018, and the DPC filed a complaint with Google on May 22, 2019, more than eight months after the allegations. announced that it had launched an investigation. However, the ICCL claims that ``the DPC did not protect people from RTB until March 2022, even though Google's RTB is conducting the largest data breach ever recorded.'' and filed a lawsuit against the DPC to conduct an investigation into Google.

'Since Ryan's 2018 allegation, the DPC has failed to investigate Google for three and a half years, putting the rights of people in Europe at risk,' said ICCL Executive Director Liam Herrick. Efforts to get the DPC to investigate rights infringements have repeatedly failed.Europeans and we will go to court to confirm the protection of digital rights.' In an exchange with Mr. Ryan's lawyer, DPC

denies allegations that it is delaying complaint processing.

In the past, ICCL has also claimed that `` pop-ups asking for consent to handle personal information displayed on websites '' violate GDPR. In this case, the Belgian data protection authority has recognized a violation of the GDPR, and on February 2, 2022, IAB Europe , which operates the pop-up mechanism, was fined approximately 32 million yen.

It is pointed out that the IAB Europe version of that ``popup asking for consent'' that is displayed first when you look at the page violates the GDPR-GIGAZINE