July 9th, 2024

Microsoft's Xandr grants GDPR rights at a rate of 0%

Microsoft's Xandr faces GDPR violation accusations for sharing inaccurate personal data without complying with access requests. A complaint seeks investigation and corrective actions, including a potential fine of 4% of annual turnover.


Microsoft's subsidiary Xandr, an advertising broker, has been accused of violating GDPR rights by collecting and sharing personal data of Europeans for targeted advertising without complying with access requests. Despite claiming to offer targeted advertising, Xandr's data appears to be random and inaccurate, potentially allowing multiple companies to target the same group. The company has a 0% response rate to GDPR access and erasure requests, raising concerns about transparency and accuracy. A complaint has been filed against Xandr for breaching GDPR regulations, including issues with transparency, access rights, and data accuracy. The complaint highlights violations of GDPR articles and requests an investigation by the Italian data protection authority. Xandr's practices have been criticized for potentially misleading advertisers with inaccurate user information. The complaint seeks corrective actions and a fine of up to 4% of Xandr's annual turnover for non-compliance.

Related

Apple found in breach of EU competition rules

Apple breached EU competition rules by not complying with the Digital Markets Act, hindering app developers from directing consumers to alternative channels. The company faces fines if not compliant within 12 months.

EU Accuses Apple App Store Steering Rules of Violating DMA, Opens Investigation

The European Commission accuses Apple of Digital Markets Act violations related to App Store policies, anti-steering rules, and excessive fees. Apple claims compliance with the law. Investigation ongoing, potential fines pending.

Apple is first company charged with violating EU's DMA rules

Apple is the first company charged under the EU's Digital Markets Act for App Store policies hindering competition. Investigations focus on fees, alternative app stores, and compliance changes. EU aims to prevent anti-competitive practices.

Facebook and Instagram's 'pay or consent' ad model violates the DMA, says the EU

The European Union charges Meta for violating Digital Markets Act with its ad model lacking a data-saving option. Meta faces potential fines up to $13.4 billion. Second DMA charge after Apple's.

Microsoft tells yet more customers their emails have been stolen

Microsoft notifies customers of email theft by Russian criminals, expanding breach scope. Compromised accounts' correspondents informed. US auto dealers face disruptions from cyber incident linked to CDK software. Rabbit R1 AI devices' security flaw disclosed. EU sanctions Russians for cyber attacks.

12 comments
By @1oooqooq - 3 months
This is the industry standard for advertising. Even way before GDPR!

Remember when Verizon was caught "super cookie"ing all their subscribers' HTTP requests?

What did Verizon do? Moved the super cookie shenanigans under their subsidiary AOL. Then when AOL got a slap on the wrist too, what did Verizon do? Bought Yahoo and moved the shenanigans there. ...When those tactics were not technically possible anymore, it sold all ad subsidiaries for the purchase price.

I call that «Regulatory Condoms». It works fine for enforcement that gives warnings before fines.

By @bilekas - 3 months
> Your privacy is important to us. This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.

When you're selling it, I'm sure it is important to you.

By @botanical - 3 months
Companies need to be slapped with a non-negligible percentage fine of revenue. They will learn fast to respect the law, and by extension, people's privacy.

By @themoonisachees - 3 months
What!? The entire ad industry is a scam to everyone involved? Who could have foreseen this?

By @Havoc - 3 months
EU just needs to keep slapping them with fines until it sinks in that laws are not suggestions

By @nottorp - 3 months
But... in addition to going to the authorities, which may fix something but only for the EU...

Just make more public how good their targeting database is. For example, tell their customers.

Might be more efficient.

By @pacifika - 3 months
By @amarcheschi - 3 months
I think this should be the page where you can make a GDPR data access/deletion/correction request: https://monetize.xandr.com/privacy-center/access_correction_...

I have just done one just to wait for their rejection and then file a complaint to the Italian privacy authority.

Furthermore, you might wanna look into AdNauseam, a uBlock Origin fork that blocks ads while simulating a click on them so that the effectivity of ads is decreased.

By @londons_explore - 3 months
The RTB industry is IMO missing a trick by using properties of people for targeting rather than "info vectors" and "bloom lists".

The info vectors would be generated by a neural net based on all information known about a customer. The vectors would specifically not be usable to identify a customer, and therefore not count as PII under GDPR rules. The vectors would be trained to predict the probability of clicking an ad (the pCTR). Using that training metric, everything an advertiser cares about will end up encoded in the vector, whilst no individual private piece of info (e.g. sexual orientation) is extractable with any certainty.

Notably, these vectors will be addable, allowing multiple companies to add their vectors on one visitor, creating a new vector with even greater predictive strength, but no company shares their private customer data to competitors.

The 'bloom lists' will be able to identify customers, but only probabilistically. They will encode data such as "user bob@mail.com has an account at Walmart, Lowes and Target". However, the data they hold is only right ~99% of the time, since it is implemented with a bloom filter. That allows businesses to do remarketing to specific users, for example past customers. No individual user could ever be sure they are or are not part of such a filter, and hence it again doesn't meet the EU's PII definition.

By using the above two, I believe the total CTR can be increased (since users get better targeted), whilst also giving users the privacy they expect.
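
The "bloom list" described in the comment above, sketched as an added example (not part of the original comment or any ad-tech vendor's code); the `BloomList` class, its sizing and the example.com addresses are assumptions constructed for illustration. It measures both error directions: a standard Bloom filter produces false positives at roughly the configured rate and never produces false negatives, so a "not present" answer is exact.

```python
import hashlib
import math


class BloomList:
    """Bloom filter over normalised e-mail addresses (constructed sketch)."""

    def __init__(self, capacity, fp_rate=0.01):
        # Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m/n) ln 2 hashes.
        self.m = math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, email):
        # Normalise, hash once, derive k bit positions by double hashing.
        digest = hashlib.sha256(email.strip().lower().encode()).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, email):
        for p in self._positions(email):
            self.bits[p // 8] |= 1 << (p % 8)

    def might_contain(self, email):
        # True means "probably present"; False means "definitely absent".
        return all(self.bits[p // 8] & (1 << (p % 8))
                   for p in self._positions(email))


def measure(n_members=5000, n_probes=20000):
    """Return (false negatives, false-positive rate) on constructed data."""
    bloom = BloomList(capacity=n_members, fp_rate=0.01)
    members = [f"user{i}@example.com" for i in range(n_members)]
    for email in members:
        bloom.add(email)
    false_negatives = sum(not bloom.might_contain(e) for e in members)
    outsiders = [f"visitor{i}@example.org" for i in range(n_probes)]
    false_positives = sum(bloom.might_contain(e) for e in outsiders)
    return false_negatives, false_positives / n_probes


if __name__ == "__main__":
    fn, fp_rate = measure()
    print(f"false negatives: {fn}, false-positive rate: {fp_rate:.4f}")
```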

By @robertlagrant - 3 months
> Previous research has shown that Xandr collects hundreds of sensitive profiles of Europeans containing information about their health, sex life or sexual orientation, political or philosophical opinions, religious beliefs or financial status. Specific segments include things like ‘french_disability’, ‘pregnant’, ‘lgbt’, ‘gender_equality’ and ‘jewishfrench’.

I don't read German (which I think the justifying article is written in) - is this linking directly to personally identifiable information? If I have an ID in a cookie that links to these groupings, it is not necessarily the same as a GDPR breach.

Would someone mind clarifying this one who's more familiar with Xandr/reading German?

By @karaterobot - 3 months
Maybe it's because I just woke up, but this headline was really confusing to me. I believe it's saying the ad broker Xandr, owned by Microsoft, does not comply with GDPR, and has a 0% compliance rate with GDPR requests.