noyb.eu’s Post

Advertising broker #Xandr (a Microsoft subsidiary) collects and shares the personal data of millions of Europeans for detailed targeted advertising. This allows Xandr to auction off advertising space to thousands of advertisers. But: although only one ad is ultimately shown to users, all advertisers receive their data. ➡ This may include personal details concerning their health, sexuality or political opinions. ➡ Also, despite selling its service as “targeted”, the company holds rather random information: the complainant apparently is both a man, a woman, employed and unemployed. ➡ This could allow Xandr to sell ad space to multiple companies who think that they are targeting a specific group. ➡ As if that were not enough, Xandr does not comply with a single access request. noyb has now filed a GDPR complaint. #noyb #Xandr #Advertising https://lnkd.in/ei8EtFKw

"Advertising broker Xandr (a Microsoft subsidiary) collects and shares the personal data of millions of Europeans for detailed targeted advertising. This allows Xandr to auction off advertising space to thousands of advertisers. But: although only one ad is ultimately shown to users, all advertisers receive their data. This may include personal details concerning their health, sexuality or political opinions. Also, despite selling its service as “targeted”, the company holds rather random information: the complainant apparently is both a man, a woman, employed and unemployed. This could allow Xandr to sell ad space to multiple companies who think that they are targeting a specific group. As if that were not enough, Xandr does not comply with a single access request. noyb has now filed a GDPR complaint." #Privacy #GDPR #dataprotection #Microsoft #TargetedAdvertising #Xandr   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/d5X7FDDD

The privacy organisation NOYB (None Of Your Business) has filed a GDPR complaint against Microsoft's advertising broker subsidiary, Xandr. NOYB said that Xandr is collecting extraordinary amounts of data to profile users to operate its services, but data on its own website shows that it complied with none of the 1,294 access requests and 660 deletion requests made under GDPR. Many people are not going to have heard of Microsoft's Xandr or what it does. NOYB has a nice explainer in its announcement: "If companies want to use targeted advertising to promote their products or services online, they have to go through so-called Real Time Bidding (RTB) platforms. One such platform is run by Microsoft subsidiary Xandr, which allows advertisers to buy ad space on websites or in mobile apps in a fully automated way. When a user visits a website, an algorithmic auction takes place in order to decide which company can display an advertisement. Because a users’ interests and characteristics ultimately determine an advertiser’s willingness to place an ad, Xandr collects and shares a massive amount of personal data in order to profile the users and to allow for targeting. Much of that data is bought by external parties like emetriq, a subsidiary of [Deutsche Telekom]." #databreach #GDPRbreach https://lnkd.in/d8cUR6S6

What will be really interesting about this decision is the data Meta collects on whether users opt-in or opt-out -- Facebook, Instagram, and WhatsApp are such huge platforms that switching to consent as a basis of processing for behavioral advertising, even if only limited to Europe, would almost serve as a referendum on public feelings about -- and attention to -- the use of personal data by social media companies. (Not that I anticipate Meta making this data public 😁.) #meta #facebook #noyb #consent #gdpr #privacy #dataprotection #optin https://lnkd.in/e76QEZRC

👩⚖️ Meta challenges proposed ban on Facebook and Instagram processing personal data for advertising ❗ 🇮🇪 The Irish subsidiary of Meta has filed a High Court challenge to a proposed immediate ban on its Facebook and Instagram platforms processing personal data for use in behavioural advertising. The action comes after the tech company was recently served with an enforcement 📜 notice by the Data Protection Commission, following EDPB's Urgent Binding Decision at the end of October, informing Meta Platforms Ireland Ltd that it has seven days to stop processing data for use in advertising based on users' online activities and interests. Failure to comply with the enforcement notice is a criminal offence. The applicant is the controller and service provider for Meta's platforms in Europe… read more in Breaking News Ireland. --- #SypherPrivacyTalks Stay tuned for more:📌 follow the Sypher Solutions company page. We'll keep you updated on #dataprotection, #privacy, #privacymanagement, #GDPR, #GDPRcompliance, #DPO, #cookies, #consent.

How much is your personal #data worth to Meta? The company is planning to charge users in the EU £11 per month for an ad-free version of Instagram or Facebook. Meta is under pressure in the EU to obtain people's consent before using their personal information to target ads at them. Meta makes its money from advertising so this involves a huge shift in its business model. The charge is expected to come into effect in November. #privacy #GDPR #CCPA #DataProtection #AdTech #SurveillanceCapitalism https://lnkd.in/ebhsFC5K

"Reddit is removing the ability for some users to opt out of ad personalization based on their activity on the platform. Announced on Wednesday alongside several incoming updates to its privacy, advertising, and location settings, Reddit’s head of privacy, Jutta Williams, justified the change by saying that Reddit 'requires very little personal information' from its users and that it would allow the company to 'better predict which ad may be most relevant to you.' Williams contends that the vast majority of Reddit users 'will see no change to their ads,' and users who had previously opted out of ad personalization 'will not result in seeing more ads or sharing on-platform activity with advertisers.' The updates to the platform’s advertising settings will roll out over the next few weeks. [...] European countries might be exempt from the forced opt in as the change would likely bring Reddit into direct conflict with the EU’s GDPR rules, which require companies to get express permission to collect or process personal data for use in activities like advertising." #GDPRandNonEUcompanies #EDPObrussels #EUrepresentative #DataProtection #UKrepresentative #EDPOuk #UKGDPR #EUGDPR #GDPR #Reddit #Consent #OptIn #TargetedAds #Privacy #OptOut Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/dWmaFK7q

Reddit will no longer let you opt out of personalized ads "Reddit’s head of privacy, Jutta Williams, justified the change by saying that Reddit “requires very little personal information” from its users and that it would allow the company to “better predict which ad may be most relevant to you.” " "Exceptions have been made for “select countries,” though the exact regions have not been specified. European countries might be exempt from the forced opt in as the change would likely bring Reddit into direct conflict with the EU’s GDPR rules, which require companies to get express permission to collect or process personal data for use in activities like advertising. " "The company says that its process of combining manual tagging with machine learning to classify the ads isn’t likely to be 100 percent successful at first but expects it to improve over time." https://lnkd.in/dqVQe4-c Platform: The Verge Author: Jessica Weatherbed #privacy #dataprivacy #reddit #socialmediaplatform #personalizeddata #gdpr #targetedads #personalizedads

Not much time has passed since the last time Facebook's privacy policy was in the news. By the end of March the entity announced switching its legal basis for behavioural advertising purposes from the performance of contract need (which had been judged illegal by the Irish DPC in January, leading to a 390 million euros fine) to its legitimate interest. However, yesterday the company changed direction and announced its intention to change the legal basis again in favour to "consent". The truth is that this recent decision seems appropriate given that the legitimate interest seems e-Privacy Directive sets out consent as the only valid legal basis for gaining acces to the information stored in the terminal equipment of an user. However, it is not clear yet how this decision is to be implemented and some worry that Meta may incur in dark patterns (practice that would render consent invalid) in order to foster getting individuals consent. Nonetheless it must be recalled that many of the Meta platform users are minors and, as per GDPR, consent is not valid when given by a minor of less than 16 years old (although member states can reduce this age to a minimum of 13 years old, and some of them, such as Spain, have reduced it accordingly). Additionally, article 28.2 of the recent Digital Services Act bans carrying out profiling techniques for the purpose of offering behavoural ads when the platform providers are aware with reasonable certainty that the user is a minor. https://lnkd.in/d4PpNt4g

🔥Meta expressed its intention to change a legal basis for processing personal data of Facebook and Instagram users from the EU, EEA and Switzerland for behavioral ads from "legitimate interest" to "consent." We continue following a very interesting story with Meta: we recently posted about changing a legal basis from "performance of a contract" to "legitimate interest" in Meta's WhatsApp and suggested that this was not the end of the story: https://lnkd.in/ehQTsCr6. Meta announced the switch to "consent" against the backdrop of a temporary ban��� on behavioral advertising on #Facebook and #Instagram, imposed in July by the Norwegian Data Protection Authority (Datatilsynet) in a ruling that it violated the GDPR by using "legitimate interest" to process personal data for those purposes: https://lnkd.in/dtZJUHz3. 👉Datatilsynet provided a balancing test in the detailed decision, and its result was not in Meta's favor: https://lnkd.in/eJxnJtx9. ❗We always recommend using "legitimate interest" extremely carefully and always backing it up with a documented balancing test. We will keep track of the further developments of this story, the origin of which you can read in the article by Alexey Ivanov: https://lnkd.in/eic2bcbT. 📣If you need assistance in determining the appropriate legal basis for processing personal data, we at ESPE will be happy to help: legal@especg.com📨, https://especg.com/, www.especg.com. #meta #facebook #datatilsynet #gdpr #gdprcompliance #dataprivacy #edpb #noyb #success #ESPE