Microsoft's Xandr grants GDPR rights at a rate of 0%
Microsoft's Xandr faces GDPR violation accusations for sharing inaccurate personal data without complying with access requests. A complaint seeks investigation and corrective actions, including a potential fine of 4% of annual turnover.
Read original articleMicrosoft's subsidiary Xandr, an advertising broker, has been accused of violating GDPR rights by collecting and sharing personal data of Europeans for targeted advertising without complying with access requests. Despite claiming to offer targeted advertising, Xandr's data appears to be random and inaccurate, potentially allowing multiple companies to target the same group. The company has a 0% response rate to GDPR access and erasure requests, raising concerns about transparency and accuracy. A complaint has been filed against Xandr for breaching GDPR regulations, including issues with transparency, access rights, and data accuracy. The complaint highlights violations of GDPR articles and requests an investigation by the Italian data protection authority. Xandr's practices have been criticized for potentially misleading advertisers with inaccurate user information. The complaint seeks corrective actions and a fine of up to 4% of Xandr's annual turnover for non-compliance.
Related
Apple found in breach of EU competition rules
Apple breached EU competition rules by not complying with the Digital Markets Act, hindering app developers from directing consumers to alternative channels. The company faces fines if not compliant within 12 months.
EU Accuses Apple App Store Steering Rules of Violating DMA, Opens Investigation
The European Commission accuses Apple of Digital Markets Act violations related to App Store policies, anti-steering rules, and excessive fees. Apple claims compliance with the law. Investigation ongoing, potential fines pending.
Apple is first company charged with violating EU's DMA rules
Apple is the first company charged under the EU's Digital Markets Act for App Store policies hindering competition. Investigations focus on fees, alternative app stores, and compliance changes. EU aims to prevent anti-competitive practices.
Facebook and Instagram's 'pay or consent' ad model violates the DMA, says the EU
The European Union charges Meta for violating Digital Markets Act with its ad model lacking a data-saving option. Meta faces potential fines up to $13.4 billion. Second DMA charge after Apple's.
Microsoft tells yet more customers their emails have been stolen
Microsoft notifies customers of email theft by Russian criminals, expanding breach scope. Compromised accounts' correspondents informed. US auto dealers face disruptions from cyber incident linked to CDK software. Rabbit R1 AI devices' security flaw disclosed. EU sanctions Russians for cyber attacks.
Remember when Verizon was caught "super cookie"ing all their subscribers http requests?
What did verizon do? moved the super cookie shenanigans under their subsidiary AOL. Then when AOL got a slap on the wrist too, what verizon did? bought Yahoo and moved the shenanigans there. ...When those tactics where not technically possible anymore it sold all ad subsidiaries for the purchase price.
I call that «Regulatory Condoms». It works fine for enforcement that gives warnings before fines.
When you're selling it, I'm sure it is important to you.
Just make more public how good their targeting database is. For example, tell their customers.
Might be more efficient.
I have just done one just to wait for their rejection and then file a complaint to the Italian privacy authority
Furthermore, you might wanna look into adnauseam, a ublock origin fork that blocks ads while simulating a click on them so that the effectivity of ads is decreased
The info vectors would be generated by a neural net based on all information known about a customer. The vectors would specifically not be usable to identify a customer, and therefore not count as PII under GDPR rules. The vectors would be trained to predict the probability of clicking an ad (the pCTR). Using that training metric, everything an advertiser cares about will end up encoded in the vector, whilst no individual private piece of info (eg. sexual orientation) is extractable with any certainty.
Notably, these vectors will be addable, allowing multiple companies to add their vectors on one visitor, creating a new vector with even greater predictive strength, but no company shares their private customer data to competitors.
The 'bloom lists' will be able to identify customers, but only probabilistically. They will encode data such as "user bob@mail.com has an account at Walmart, Lowes and Target". However, the data they hold is only right ~99% of the time, since it is implemented with a bloom filter. That allows businesses to do remarketing to specific users, for example past customers. No individual user could ever be sure they are or are not part of such a filter, and hence it again doesn't meet the EU's PII definition.
By using the above two, I believe the total CTR can be increased (since users get better targeted), whilst also giving users the privacy they expect.
I don't read German (which I think the justifying article is written in) - is this linking directly to personally identifiable information? If I have an ID in a cookie that links to these groupings, it is not necessarily the same as a GDPR breach.
Would someone mind clarifying this one who's more familiar with Xandr/reading German?
Related
Apple found in breach of EU competition rules
Apple breached EU competition rules by not complying with the Digital Markets Act, hindering app developers from directing consumers to alternative channels. The company faces fines if not compliant within 12 months.
EU Accuses Apple App Store Steering Rules of Violating DMA, Opens Investigation
The European Commission accuses Apple of Digital Markets Act violations related to App Store policies, anti-steering rules, and excessive fees. Apple claims compliance with the law. Investigation ongoing, potential fines pending.
Apple is first company charged with violating EU's DMA rules
Apple is the first company charged under the EU's Digital Markets Act for App Store policies hindering competition. Investigations focus on fees, alternative app stores, and compliance changes. EU aims to prevent anti-competitive practices.
Facebook and Instagram's 'pay or consent' ad model violates the DMA, says the EU
The European Union charges Meta for violating Digital Markets Act with its ad model lacking a data-saving option. Meta faces potential fines up to $13.4 billion. Second DMA charge after Apple's.
Microsoft tells yet more customers their emails have been stolen
Microsoft notifies customers of email theft by Russian criminals, expanding breach scope. Compromised accounts' correspondents informed. US auto dealers face disruptions from cyber incident linked to CDK software. Rabbit R1 AI devices' security flaw disclosed. EU sanctions Russians for cyber attacks.