Submitted via IRC for Bytram
Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies
Equifax, Experian and Oracle are among a slate of companies whose business is consumer information, that could soon face billions of dollars in fines for improper data handling.
Privacy International has filed complaints against seven corporations, consisting of data brokers (Acxiom and Oracle), companies that provide consumer profiling and targeting data for advertising purposes (Criteo, Tapad and Quantcast), and two credit-referencing agencies that collect sensitive financial data on roughly everyone in the U.S. as well as many in Europe and elsewhere (Equifax and Experian). The complaints have been lodged with data protection authorities in France, Ireland and the U.K. The group is asking for an investigation into their data-handling practices under the auspices of Europe's strict General Data Protection Regulation (GDPR).
The GDPR, which went into effect in May, gives regulators real teeth when it comes to enforcing privacy mandates, including issuing fines of up to 4 percent of an offending company's annual turnover. That would equal billions of dollars for Fortune 500 companies such as Equifax, which consumers know from the massive data breach last year.
Aside from the credit-reporting giants, the complaints target companies that, despite collecting and using or selling the data of millions of people, are not household names.
“These complaints put under the microscope companies normally invisible to consumers,” Alan Toner, researcher at the Electronic Frontier Foundation, told Threatpost. “Internet users know little about these data brokers and advertising technology actors who are tracking their browsing activity on the web and merging this information with data collected from other online and offline sources. This occurs using unique identifiers such as cookies, device IDs and other unique identifiers. These are encompassed by the definition of personal data in the EU, which is broader than the idea of personally identifiable information used in the U.S. (names, email addresses, Social Security numbers etc.).”
“Our complaints argue that the way these companies exploit people’s data, in particular for profiling, is in contravention of the GDPR,” PI said in an announcement.
PI argues that none of the companies complies with the GDPR’s specific, named protection principles of transparency, fairness, lawfulness, purpose limitation, data minimization and accuracy.
“They amass vast amounts of data about millions of individuals, repurpose these data to infer (profile) more data (accurate and inaccurate) about individuals, then share this data with a multitude of third parties for innumerable purposes,” PI explained. “Many have also had data breaches in the past.”
Related Stories
Equifax to Pay at Least $650 Million in Largest Data-Breach Settlement Ever
The credit bureau Equifax will pay at least $650 million and potentially significantly more to end an array of state, federal and consumer claims over a data breach two years ago that exposed the sensitive information of more than 148 million people. The breach was one of the most potentially damaging in an ever-growing list of digital thefts.
The settlement, which was announced on Monday and still needs court approval, would be the largest ever paid by a company over a data breach. The deal requires Equifax to put a minimum of $380.5 million into a restitution fund for American consumers who file claims showing that they were financially harmed.
A portion of that money will pay for lawyers' fees, but at least $300 million must go to victims, according to settlement documents filed in federal court in Atlanta. If the initial cash is depleted, the company will add up to $125 million more to settle consumers' claims, bringing the total fund size to more than $500 million.
Also at: Ars Technica.
Previously:
Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies
The True Cost of a Data Breach
Equifax Admits 2.5 Million More Americans Were Affected by Cyber Theft
Equifax Data Breach Could Affect 143 Million Americans [Updated]
(Score: 1, Insightful) by Anonymous Coward on Monday November 12 2018, @02:35PM (7 children)
I hate to see this kind of thing happen, but I suppose it couldn't happen to a better bunch of companies.
(Score: 5, Insightful) by Runaway1956 on Monday November 12 2018, @03:39PM (6 children)
I'm actually happy to see this happening.
If, in the 1960's, someone had come up with a "business model" like today's big data companies, it would have looked something like this:
Post someone near both the front and rear entrances to the subject's home, and watch them come and go. Follow them everywhere, and document every interaction, whether it be shopping, visiting a relative, going to school, to church, to court, vacation. Document every purchase, including name brands, flavors, sizes, ad nauseum. At the same time, a wire tap must be installed on the subject's telephone, and every conversation must be transcripted. Television and radio listening habits must be documented, we'll just put microphones inside the house so that we may determine what they watch and listen to. Library visits will be documented, along with any subsriptions to magazines, newspapers, comic books, etc.
All of this data will be available for sale to whoever might ask for the data. We may even be able to sell the same data to several buyers.
Back then, we wouldn't tolerate our neighbors doing all of this, but today, we simply don't seem to care that unknown, shadowy figures are doing every bit of that, and more.
Sue big data into oblivion, punish the officers, punish the board members, and punish the stockholders.
(Score: 0, Disagree) by Anonymous Coward on Monday November 12 2018, @05:35PM
maybe someday someone will just shoot someone that is causing this. shooting up a bunch of teenagers or people at a bar doesn't really solve any problems.
not that i condone violence. but if there will be no gun control, at least they can be more thoughtful about their aim. then we dont have to send thoughts and prayers, because we will have had some answered when ceos and the like are called home and the board members remaining get to consider if they are next. if we are especially feeling giving in their times of need, we can send a sucks to be you instead of hopes.
(Score: 2) by MichaelDavidCrawford on Monday November 12 2018, @10:23PM (1 child)
http://pixelbegone.com [pixelbegone.com]
I say something similar but not as well
Just blackholing with hosts is only a partial solution. I have some other ideas but don't know when I can work on them
However I make clear that I don't object to advertising, just tracking. My hope is to deflate the arguments of advertisers who object to ad blockers. Many wouldn't use blockers if there were no tracking
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Informative) by Joe Desertrat on Monday November 12 2018, @11:12PM
I don't think fear of tracking was the main driving force for ad blockers. Sure, it was behind their creation, but not why they are being adopted by the general public in increasing numbers. It is the unrelentingly increasing obtrusiveness of the ads that has gotten people's attention. Pop ups, pop unders, video windows blaring away, and all the other various ways advertisers feel they are entitled to use to make sure we view their ads are what people have noticed and objected to, even the most clueless of users. Had they stuck to secretive tracking none except tech oriented users would have noticed and taken steps to avoid. It is the overreach of the advertisers that has brought ad blocking upon themselves.
(Score: 3, Interesting) by Joe Desertrat on Monday November 12 2018, @11:23PM (2 children)
I saw a quote somewhere, maybe even here at Soylent News, where they mentioned something like if someone in 1960 suggested that people carry a device that tracks every place they go and reports on everything they do or buy, the vast majority of the public would have been outraged at the suggestion. Now the public lines up to get the latest iPhone...
Ideally the civilized world would simply outlaw the collection of personally identifying information beyond that needed to do business with a customer, and the sale or transfer of such, but I suppose the companies that do those things would just move operations to "uncivilized" places. It also does not seem that any current or potential governments, "civilized" or not, would be interested in such a thing.
(Score: 2) by aclarke on Tuesday November 13 2018, @11:44AM (1 child)
I'm not trying to start a holy war between iPhones and Android phones, and iPhones/apps do leak information. However, if you're going to buy a smartphone anyway, from a privacy point of view they're still generally better than Android phones.
https://www.tomsguide.com/us/android-privacy-vs-iphone,news-27856.html [tomsguide.com]
https://www.theverge.com/2018/4/13/17233122/android-software-patch-trust-problem [theverge.com]
(Score: 0) by Anonymous Coward on Saturday November 17 2018, @09:18AM
Are better than either. And if they don't fuck it up, the new Purism phone might be better than Lineage phones as well.