French regulator launches investigation of Criteo following PI's complaint

Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.

Now, the French Data Protection Authority CNIL has informed us that they are following the same route and launching an investigation into one of these companies, Criteo!

This follows investigations by the Irish and UK Data Protection Authorities:

• Back in May 2019, the Irish Data Protection Commissioner decided to investigate Quantcast following our submission.

• The UK Information Commissioner has ongoing investigations into several data brokers and credit reference agencies, including Acxiom, Experian and Equifax. In January 2019, the ICO confirmed its focus on the AdTech industry, and in June 2019 published an update report into adtech and real time bidding, citing Privacy International’s submission, which sets out that many of the sector’s practices are unlawful. They continue to investigate.

CNIL’s confirmation that they are investigating Criteo is important and we warmly welcome it. The AdTech ecosystem is based on vast privacy infringements, exploiting people’s data on a daily basis. Whether its through deceptive consent banners or by infesting mental health websites these companies enable a surveillance environment where all you moves online are tracked to profile and target you, with little space to contest.

Under GDPR, the CNIL has the power to investigate and then, depending on the results, consider an enforcement action. These actions can range from prohibiting data being used in certain ways to fines for violations of up to 4 percent of a company’s global revenue or 20 million euros, whichever is higher. But most importantly, we hope that this investigation will lead to broader consideration of the AdTech industry and their practices, setting an example and prompting change in the ecosystem.

This is good news, but its just the beginning. We need scrutiny and enforcement of this industry to tackle this root cause of so many problems. The fight against AdTech continues.