It’s been a year since the landmark General Data Protection Regulation (GDPR) wrestled control over personal data back from Big Tech. We’re celebrating GDPR’s first birthday with a look at Open Rights Group’s (ORG) growing work to protect digital privacy.
Holding AdTech accountable
In late 2018 ORG filed a joint complaint to European data protection authorities against Google and IAB Europe for GDPR violations in their real-time ad bidding systems which often share personal data like location and browsing habits with hundreds of companies. Since then, AdTech complaints have multiplied across Europe with more recently filed in four countries as well as the Irish data protection authority opening an investigation into Google.
Taking the Data Protection Act 2018 to court
Last year Open Rights Group teamed up with campaigners for EU citizens’ rights the3million to challenge the “immigration exemption” within the Data Protection Act 2018 on the grounds that it undermines the privacy rights of literally millions of legal UK residents. In 2019 the case was granted judicial review and our legal team is currently gathering evidence in preparation for the hearing.
Empowering users with Data Rights Finder
GDPR gives us powerful new rights over our personal data, but it’s not always easy to know how to use those rights. To help ORG teamed up with ProjectsbyIF to create the webtool Data Rights Finder which cuts through the confusing language of company privacy policies to tell you exactly what data rights you have and how to flex them.
Measuring GDPR’s impact
The public conversation about GDPR is often focused on how companies achieve compliance with far less attention on its benefits to individuals. To address this disparity ORG published a report investigating UK residents’ awareness of GDPR and how well they know their new data rights. ORG also compiled and edited Volume 3 of GDPR Today which surveys GDPR’s implementation across the European Union.
Challenging vulnerabilities in age verification tech
ORG has worked steadily to raise the alarm about privacy shortfalls in age verification tools on adult websites mandated by the Digital Economy Act 2017. ORG is preparing a public resource to increase awareness about the privacy risks of age verification tech in preparation for when enforcement begins on 15 July 2019.
GDPR was a huge victory for digital privacy and has allowed ORG to advance its work protecting the UK’s personal data. Thank you for supporting our work.