Quantcast, an AI powered advertising company is under investigation in Europe for potential data breach of the General Data Protection Regulations. The Irish Data Protection Commission, one of the leading regulatory bodies for multinational tech giants in Europe opened a formal probe into the ad tech veteran’s business.
As of now, there are 17 open investigations running on Facebook, WhatsApp, Instagram, Apple, Twitter and LinkedIn. Quantcast will be the latest addition to this list of potential privacy violators.
Here’s what the Irish Data Protection Commission told TechCrunch about the investigation into Quantcast:
“Since the application of the GDPR significant concerns have been raised by individuals and privacy advocates concerning the conduct of technology companies operating in the online advertising sector and their compliance with the GDPR. Arising from a submission to the Data Protection Commission by Privacy International, a statutory inquiry pursuant to section 110 of the Data Protection Action 2018 has been commenced in respect of Quantcast International Limited. The purpose of the inquiry is to establish whether the company’s processing and aggregating of personal data for the purposes of profiling and utilizing the profiles generated for targeted advertising is in compliance with the relevant provisions of the GDPR. The GDPR principle of transparency and retention practices will also be examined.”
There are several privacy concerns and accusations against Quantcast. One of the primary factors that led to the investigation was a strong likelihood that Quantcast may be processing people’s data without a proper legal basis in place. There may also be several inconsistencies in the behavioral ad targeting technology such as the consent management tools for publishers and advertisers used by Quantcast.
The head of communications of Irish Data Protection Commission, Graham Doyle said that they shall not be revealing the number of complaints they’ve received against the company.
While consumer-facing companies like Facebook, Instagram or LinkedIn have been commonly accused of malpractices in the realm of privacy, an advertising tech company such as Quantcast is an interesting addition to the list. Companies such as this lie low from the public view and silently mine user data and sell ‘marketing intelligence’ tools.
Founded in San Francisco in 2006, this company is said to have almost woven itself into the internet. It initially started by providing measurement capabilities to publishers. Ever since GDPR came into force, Quantcast has become increasingly visible to the internet users. Most of us have encountered pop ups that ask us to comply and give our consent for the websites we visit, to process our data. These pop-ups are powered by Quantcast and upon clicking the ‘I Accept’ button on such websites, we tend to give them the consent to share our user data with any ad/analytics firm the website partners with.
When companies like these, which are not on the consumer-facing end are brought under investigation, we can realize the value of GDPR enabling campaign organizations such as Privacy International that make complaints on the behalf of citizens. Most people are unaware of how ad tech works and end up with their data and privacy compromised.
A spokeswoman from Privacy International said the following about the ongoing investigation against Quantcast:
“We are extremely pleased that as a result of our submission the Irish DPC are commencing an inquiry into Quantcast. Quantcast is a company that most of us have never heard of but that amasses data and builds intricate profiles of our lives. PI’s submission sets out why we consider Quantcast’s practices are failing to meet the standards set by GDPR, especially its profiling. The real test of GDPR will be its enforcement.”
Quantcast declined to comment.