Suing the Data Protection Commission of Ireland for claimed years of delay over allegations involving the largest Google data breach ever. After the EU’s General Data Protection Regulation (GDPR) was passed, the watchdog was allegedly secretive in reacting to security allegations against Google.
The Irish Council for Civil Liberties (ICCL) drafted the lawsuit, with senior fellow Johnny Ryan as the plaintiff.
There is a long-standing criticism about Google’s role in the high-speed trading of online users’ personal data to determine which ads are delivered — and specifically about the industry’s lack of attention to security.
In its claim, the ICCL accuses the DPC of failing to respond to a huge data breach.
Ryan published evidence in 2020 showing how online ad targeting companies profile internet users without their knowledge or consent, criticising the DPC for its actions on the RTB security issue.
In contrast, Ireland opened an inquiry of its own accord, seeking to “determine whether processing of personal data carried out at each stage of an advertising transaction complies with the relevant provisions of the GDPR, including the lawful basis for processing, the principles of transparency and data minimisation, as well as Google’s retention practise.”