These companies are data brokers Acxiom and Oracle, ad-tech companies Criteo, Quantcast and Tapad, and credit referencing agencies Equifax, Experian.
You may not have heard of them, but they’ve heard of you and are sharing whatever personal information they’ve been able to glean from you with insurance companies, advertising agencies, retailers, political parties and digital giants such as Google and Facebook, plus any other organisations that ask for it.
Infringing the GDPR
The way these companies use personal data doesn’t meet the requirements for either consent or legitimate interest, which means that they’re contravening the General Data Protection Regulation.
Where they claim that consent is a valid basis for the data processing they do, they’re unable to show how the personal data was collected and that the consent was freely given, informed, specific and unambiguous.
Privacy International has brought these companies into the spotlight because they don’t honour the data protection principles of transparency, fairness, lawfulness, purpose limitation, data minimisation, and accuracy. They also don’t have a legal basis for the way they use the personal data they hold.
Privacy International reminds us that we have the right to make these companies delete our data. Here’s how to do it.
Under the GDPR accountability ranks high in terms of how organisations collect, store and use personal data. Once these companies have been assessed and if they aren’t able to show records of how they’re striving to be compliant with the regulation, they can face fines of €20 million or 4% of their annual turnover, whichever is greater.
The age of getting away with exploiting personal data is over. With the GDPR already in place in the European Union, and with other countries following suit, it just doesn’t make business sense not to get the compliance ball rolling.