The DPO Insider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

Human rights body asks US regulator to change tracking rules for online ads

The Irish Council for Civil Liberties has told the Federal Trade Commission that ‘real-time bidding’ internet advertising exposes consumers to ‘significant injury’.

RTB is the buying and selling of online ads through real-time auctions that take place as a website loads.

This process produces billions of records that are routinely resold by data brokers.

The ICCL has claimed that the process ‘destroys individual privacy’ and that every US internet user has their user data tracked and broadcast twice for every minute they are online.

The report states that Americans are exposed 107 trillion times a year by the real-time bidding industry in what it calls ‘the biggest data breach ever’.

The report represents a scathing breakdown of the RTB industry, especially towards the ‘false consent’ process which it claims is ‘deception on an industrial level’.

The move comes after the ICCL submitted a letter to the European Commission stating that Facebook's parent company Meta is incapable of complying with EU data rules.

In the letter, it calls Meta ‘a data free-for-all’ that makes compliance with new EU laws ‘impossible’.

The RTB report states that the process is unfit for purpose as:

• This exposes people to significant risk with examples like predatory profiling of a suicidal gambling addict, county sheriffs buying live feeds of people’s locations, and data on victims of sexual abuse being made available to buy. 

• Every year criminals exploit tracking-based advertising systems to steal billions of dollars from businesses that unknowingly pay to show ads to bots. 

• Surveillance advertising also poses significant national security risks: Google and other RTB companies broadcast the locations of Americans – including sensitive personnel - to companies around the world including those in China and Russia. 

RTB is the dominant technology behind online advertising, so any changes in this area are likely to affect many companies across a number of sectors.

Ransomware group starts publishing Medibank data as customers are warned to be vigilant

Medibank has urged its customers to be on high alert after cyber criminals started leaking personal data on the dark web.

This comes after Medibank said it would not pay the ransom demand, saying, “We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.”

The data in question is thought to contain extensive personal information including medical history.

The hackers have also claimed that they will release payment data, including encrypted keys that could potentially expose credit card details.

Medibank disputes the latter claim.

The Primeminister of Australia and the head of cyber security are also thought to be included in the breach. The breach highlights how Australian data privacy regulation is behind some of the leading regions for data security.

“I have said before we are about five years behind where we should be with regard to cybersecurity and there is a power of work under way at the moment to change that. We are working hard to protect you and to protect our country.”

Home affairs minister, Clare O’Neil

There will be a big fallout from this breach, but it’s definitely an area to keep an eye on for companies that do business down under.

Other data privacy news

World Cup apps pose a data security and privacy nightmare

Twitter’s lead EU watchdog for data protection has fresh questions for Musk

Post of the week