Ending illegal online advertising

When you see an advertisement online, chances are that Real-Time Bidding advertising systems (RTB AdTech) have just auctioned your personal data to hundreds of companies vying for your attention. The highest bidder serves you their ad, but winners and losers alike collect your data and combine it with other datasets to build sophisticated profiles about you for future targeting.

Subscribe to our digital rights newsletter to find out how you can help.

Get in touch to HELP stop ADTECH

Join the movement

The problem with Real-Time Bidding

What kind of personal data do AdTech companies collect? Everything from your geolocation, political beliefs and sexual preferences to your browsing habits and information about your devices.

The General Data Protection Regulation (GDPR) grants individuals powerful data rights including the right to retrieve, delete or revoke consent for the personal data companies hold. When RTB systems broadcast your personal data to thousands of faceless companies, your data rights become impossible to use.

In 2018 ORG’s executive director Jim Killock joined Dr. Johnny Ryan of Brave & Michael Veale of University College London in a joint complaint against Google and IAB. These companies provide what’s known as the framework for authorised buyers that AdTech companies operate within.

In a major win, the Information Commissioner’s Office (ICO) responded to the complaint in June 2019 agreeing that RTB’s collection of data is “taking place unlawfully at the point of collection.”

Despite agreeing with the central argument of the complaint, the ICO has failed to enforce the law. In May 2020, a year and half after the initial complaint, the ICO announced it was pausing its investigation so as not to put extra pressure on the advertising industry during Covid-19. Open Rights Group is now considering legal action.

The Story So Far

Something is rotten in the Information Commissioner’s Office

The COVID-19 test and trace system immediately hit the news for its dubious privacy policy, as well as the lack of a Data Protection Impact Assessment (DPIA).
Read more

ICO may have slowed down on AdTech, but we’re up and running

The ongoing coronavirus crisis may have pulled the brake on the Information Commissioner’s Office (ICO) enforcement of your rights, but online advertising companies are doing just fine.
Read more

Is ethical Ad-Tech possible?

Last week ORG was in Brussels at the main annual privacy conference in Europe, CPDP, which stands for Computer Privacy and Data Protection.
Read more

The AdTech showdown is coming but will the ICO bite?

The 2018 General Data Protection Regulation (GDPR) was meant to be a Good Thing – a strong law that would make businesses act responsibly and give ordinary people control over our personal data.
Read more

Response to IAB statement

IAB: We have taken note of media reports regarding an update to complaints made by ad-blocking browser developer Brave and Polish activist group Panoptykon Foundation to a number of European data protection authorities.
Read more


A brief chance for better UK data protection law

However, the GDPR’s enforcement within member countries has considerable flexibility.
Read more

ORG’s first take on the leaked e-Privacy Regulations

Blog Leak The leaked e-Privacy Regulation (ePR) brings many improved protections to our communications data, which are now extended to communications devices and internet services, not just traditional telecom providers.
Read more

More Information

Press Releases