Ireland’s evasive response to a major security complaint filed against Google’s adtech the year the European Union’s General Data Protection Regulation (GDPR) came into application is the target of a new lawsuit that accuses the Data Protection Commission (DPC) of years of inaction over what the complainants assert is “the largest data breach ever.”
The litigation has been prepared by the Irish Council for Civil Liberties (ICCL), whose senior fellow, Johnny Ryan, is named as the plaintiff. A former adtech insider turned whistleblower, Ryan has amped up pressure on the industry for reform through a series of strategic GDPR complaints. But, more recently, his complaints have increasingly targeted the DPC itself.
At issue is the DPC’s response to a long-running complaint about Google’s role in the high-velocity trading of web users’ personal data to determine which ads get served — and, more specifically, the lack of attention the data-trading systems of the tracking-based advertising industry pay to security.