14 DAY TRIAL // User rights group Privacy International asked for an investigation of the data collection practices of multiple data brokers, credit reference agencies, and ad-tech companies in multiple complaints filed with the data protection authorities from France, Ireland, and the UK.
Moreover, the complaints are filed against Acxiom, Oracle, Criteo, Quantcast, Tapad, Equifax, and Experian, and are urging the petitioned data protection authorities to "protect individuals from the mass exploitation of their data."
According to Privacy International, their "complaints target companies that, despite exploiting the data of millions of people, are not household names and therefore rarely have their practices challenged."
The complaints are related to the companies' way of collecting the data of millions of users for creating profiles which contravene the General Data Protection Regulation which is in effect since May 25.
Privacy International's complaints against the companies are based on more than 50 Data Subject Access Requests, combined with specific info gathered from most of their privacy policies and marketing materials.
The companies being investigated have broken a slew of GDPR principles according to the user rights group
"PI is encouraged that the UK's Information Commissioner's Office (ICO) has issued assessment notices to Acxiom, Equifax, and Experian," says Privacy International's press release.
"We are asking the ICO to take into account our submissions in the context of their ongoing investigation and urge the ICO to widen its investigation to include Criteo, Oracle, Quantcast, and Tapad."
As detailed by Privacy International, the companies that it had filed complaints against fail to comply with multiple principles of GDPR, namely "transparency, fairness, purpose limitation, data minimization, accuracy and confidentiality and integrity."
Privacy International complaints are reasonable considering that most of the companies accused of collecting their customers' data and processing it without following the GDPR principles have gone through at least one security breach which exposed all the data they gathered.
"They amass vast amounts of data about millions of individuals, repurpose these data to infer (profile) more data (accurate and inaccurate) about individuals, then share this data with a multitude of third parties for innumerable purposes. Many have also had data breaches in the past," also said Privacy International.