Adtech companies are facing new legal challenges in Norway, following the release of a report which accuses the online advertising industry of “systematically breaking the law”. 

According to a study from the Norweigan Consumer Council, the ad industry’s “illegal collection and indiscriminate use of personal data” continues, 20 months after the GDPR came into effect.  

The group commissioned the cybersecurity company Mnemonic to perform a technical analysis of the data traffic from 10 popular mobile apps to map out the surveillance system which is used to target digital advertising. 

The report found the 10 apps, which include popular dating and period tracking apps, sent user data to at least 135 different third parties involved in advertising and/or behavioural profiling.

These practices are out of control and in breach of European data protection legislation. The extent of tracking makes it impossible for us to make informed choices about how our personal data is collected, shared and used,” said Finn Myrstad, director of digital policy in the Norwegian Consumer Council.

Off the back of the study, the Norweigan Consumer Council is filing complaints against gay dating app Grindr and five adtechs it sends user data to — Twitter’s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato. 

The complaints are directed to the Norwegian Data Protection Authority for breaches of the GDPR. 

GDPR violations can result in fines up to €20 million or 4 per cent of global revenue, whichever is higher. 

While most of the apps in the study shared information such as IP addresses, Advertising ID and GPS to third parties, the dating app OkCupid went further, sharing highly personal data about sexuality, drug use, political views, and more with the analytics company Braze, according to the report. 

“This massive commercial surveillance is systematically at odds with our fundamental rights and can be used to discriminate, manipulate and exploit us. The widespread tracking also has the potential to seriously degrade consumer trust in digital services,” says Myrstad. 

The report urges data protection authorities to enforce the GDPR, and for advertisers and publishers to look toward alternative digital advertising methods that respect fundamental rights, such as contextual advertising, which doesn’t require a detailed profile of a consumers’ digital footprint. 

“The situation is completely out of control. In order to shift the significant power imbalance between consumers and third party companies, the current practices of extensive tracking and profiling have to end,” said Myrstad.

Previous post

Google to kill off third party cookies - eventually

Next post

Retailers must unlock the power of data, says Microsoft CEO

Join the digital transformation discussion and sign up for the Which-50 Irregular Insights newsletter.