BREAKING: following PI investigation into exploitation of data, Quantcast is under investigation by Irish Data Protection Commission

BREAKING: following PI investigation into exploitation of data, Quantcast is under investigation by Irish Data Protection Commission

The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.

PI welcomes this announcement and its focus on Quantcast's use of data for profiling and the use of profiles generated for targeted advertising. PI is continuing to expose data exploitation by ad-tech companies and others. We believe this investigation provides a good opportunity to shed light on Quantcast's practices, which could lead to better protections for millions of people whose data is exploited through online targeted advertising.

"We are extremely pleased that as a result of our submission the Irish DPC are commencing an inquiry into Quantcast - a company that most of us have never heard of but that through our data builds intricate profiles of our lives. PI considers Quantcast's practices to be failing to meet the standards set by GDPR, especially with regards to profiling. The real test of GDPR will be its enforcement." Ailidh Callander - Privacy International Legal Officer

Press contact: press@privacyinternational.org

Background

  • In November 2018, Privacy International made submissions about seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with the data protection authorities in France, Ireland, and the UK.

  • We focussed on companies that, despite exploiting the data of millions of people, are not household names and therefore rarely have their practices challenged.

  • Our submissions set out why we consider that the data practices of Quantcast and the other companies do not comply with GDPR.
  • Our submissions focussed on profiling and failure to comply with the data protection principles such as (transparency, fairness, lawfulness, purpose limitation, data minimisation, and accuracy) and the requirement for a legal basis for the way they use people's data.
  • We called on regulators to investigate these companies’ compliance with the rights and safeguards in GDPR.

Further reading

We asked Quantcast for our data and here's what they said: https://privacyinternational.org/feature/2433/i-asked-online-tracking-company-all-my-data-and-heres-what-i-found

Why we’ve filed complaints against companies that most people have never heard of – and what needs to happen next: https://privacyinternational.org/advocacy-briefing/2434/why-weve-filed-complaints-against-companies-most-people-have-never-heard-and