• 0Panier
datalex
  • Accueil
  • Domaines
    • Protection des données
      • Conformité LPD & RGPD
      • DPO externalisé
      • Protection des données pour particuliers
      • Big data et objets connectés
      • Formation protection des données
    • Droit de la santé & Sciences de la Vie
      • COVID-19 | MINI-SÉRIE ET CONSEILS JURIDIQUES
      • Santé connectée & télémédecine
      • Dispositifs médicaux | MedTech
      • Entreprises pharmaceutiques
      • Médecine & Technologies
      • Formation santé numérique
    • Technologies avancées
      • Drones
      • Sites Internet, Apps et plate-formes eCommerce
      • Contrats IT et cloud computing
      • Intelligence artificielle
      • Blockchain et crypto-monnaies
    • Cyber criminalité
      • Fraude sur Internet
      • Cyber sécurité
      • Défense en justice
      • Formation en droit pénal des nouvelles technologies
  • Prendre rendez-vous
  • Actualités
  • Qui nous sommes
    • Gabriel Avigdor
    • Dr Ludovic Tirelli
  • Contact
  • FR
  • EN
  • Menu Menu
tinder-dating-datalex

Tinder & Cie | How AdTech companies are illegally collecting massive user data

Actualités, privacy

A Norwegian study called « Out Of Control » was published today 14 January 2020, reporting how the AdTech industry is using Mobile Applications, including online dating platforms, such as Tinder, Grindr, Clue or OKCupid are massively collecting user data through mobile apps and sharing personal and sensitive personal data to third parties without the user’s consent, information and alleging clear violations of the GDPR.

Two reports are available which includes:

  1. a general overview called OUT OF CONTROL: How consumers are exploited by the online advertising industry; and
  2. a technical report called “OUT OF CONTROL” – A REVIEW OF DATA SHARING BY POPULAR MOBILE APPS.

The first 186 pages report shows how consumers are exploited by the online advertising industry.

WHAT THE REPORT CONTAINS

This Norwegian study, coordinated with 10 other associations, including the Swiss French speaking division of the Swiss Consumer Federation, reports how consumers are exploited by the Adtech industry via mobile Apps using dating platforms. The disclosure of personal data, involved, in some case, even HIV status of member of online dating platforms for target advertising, even using personal data for discrimination. 

The first report (non technical) talks about (1) Profiling and targeted advertising, and how the players of the adtech industry are organized to get the most of personal data, especially to monetize it; (2) the harmful effects of profiling and behavioural advertising, such as discrimination, manipulation, lack of trust, asymmetries in the digital world, fraud, freedom of expression, etc.; (3) the data flows with third parties and how the transfer mechanisms between mobile Apps and third parties work to allow « shadow companies » to use such data to make profits; (4) information and pretended choices for the users; (5) a legal analysis of the requirements and potential violations of the GDPR.

WHAT THE LEGAL ANALYSIS EXPLAINS

The legal analysis provides 2 elements that are of interests: (1) the roles and responsibilities of the parties (controllers, processors and joint controllers); and (2) what legal bases could or should be used.

Different parties

The report explains that in terms of roles and responsibilities:

  • the consumer is the data subject;
  • the app providers are controllers,
  • the AdTech third parties receiving personal data from the apps are either processors, separate controllers, or joint controllers, depending on how and under what terms they use the personal data;
  • third parties providing basic analytics or error logging functions for the app provider may be considered a data processor if it is acting only upon the instructions of the publisher ;
  • marketers that are involved in the purchase of targeted advertising can be considered joint controllers, even if they do not actually process personal data themselves, as long as they define the means purposes of the processing.

Legal bases

The report refers (p. 168) to the EDPS and art. 29WP’s opinion that « the opt-in consent would almost always be required […] for tracking and profiling for purposes of direct marketing, behavioural advertisement, location-based advertising or tracking-based digital market research. ». This means that unless there is another legal basis, such as the legitimate interest of the company processing the data, consent is the only way to justify this processing activity (in some cases explicit consent should even be necessary) to comply with the GDPR.

THREE COMPLAINTS TO DATA PROTECTION AUTHORITIES

As a result, 3 complaints have been filed to Data Protection Authorities by the Norwegian Consumer Council against Grindr and five other companies, such as Twitter’s MoPub, AT&T, AppNexus, OpenX, AdColony and Smaato.

The first complaint (available here) is filed against Grindr, AppNexus Inc and OpenX Software Ltd.. To take the example of Grindr, the report outlines that the following personal data are collected:

  • chat message text, chat message images,
  • e-mail address, display name, “About Me”, age, height, weight,
  • body type, position, ethnicity, relationship status,
  • “My Tribes”, “I’m Looking For”,
  • gender, pronouns,
  • HIV status, last tested date,
  • profile picture, linked Facebook data, linked Twitter data, linked Instagram data,
  • location data, IP address, and device ID, such as Google Advertising ID

Such categories of personal data are shared with 3rd party analytics and advertising companies performing behavioral advertising on the free versions of the Apps.

More information on the study on the web page of the « Out of Control » report, with the standard report and the technical report accessible here.

14 janvier 2020
https://www.datalex.ch/cms/wp-content/uploads/2020/01/dating-scaled.jpg 1920 2560 Gabriel Avigdor https://datalex.ch/cms/wp-content/uploads/2019/10/datalex_green-300x138-300x138.png Gabriel Avigdor2020-01-14 23:25:442020-02-14 11:39:40Tinder & Cie | How AdTech companies are illegally collecting massive user data

Meet the founding Partners of datalex & Penalex in this interview

Actualités

In this interview, Dr Ludovic Tirelli & Gabriel Avigdor tell you more about datalex.ch & penalex.ch.

datalex llc is a Swiss company owned by Swiss qualified lawyers providing legal services to local and foreign businesses. As subject matters experts, our partners explain the three pillars of datalex & Penalex and the guiding principles behind those legal platforms.

Also, you will learn more about their background, expertise, experience & knowledge and the benefits of using those digital legal platforms.

Lire la suite
1 décembre 2019
https://www.datalex.ch/cms/wp-content/uploads/2019/10/datalex_JS1_0242.jpg 580 1200 Gabriel Avigdor https://datalex.ch/cms/wp-content/uploads/2019/10/datalex_green-300x138-300x138.png Gabriel Avigdor2019-12-01 22:35:582020-02-14 11:39:50Meet the founding Partners of datalex & Penalex in this interview

Storing cookies requires internet users’ active consent

Actualités

The German Federation of Consumer Organisations has challenged before the German courts the
use by the German company, Planet49, of a pre-ticked checkbox in connection with online
promotional games, by which internet users wishing to participate consent to the storage of
1
cookies. The cookies in question aim to collect information for the purposes of advertising
Planet49’s partners’ products.
The Bundesgerichtshof (Federal Court of Justice, Germany) asked the Court of Justice to interpret
2
In today’s judgment, the Court decides that the consent which a website user must give to the storage of and access to cookies on his or her equipment is not validly constituted by way of a pre- checked checkbox which that user must deselect to refuse his or her consent.
That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data. EU law aims to protect the user from any interference with his or her private life, in particular, from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge.
The Court notes that consent must be specific so that the fact that a user selects the button to participate in a promotional lottery is not sufficient for it to be concluded that the user validly gave his or her consent to the storage of cookies.
Furthermore, according to the Court, the information that the service provider must give to a user includes the duration of the operation of cookies and whether or not third parties may have access to those cookies.

30 octobre 2019
https://www.datalex.ch/cms/wp-content/uploads/2019/10/datalex_photo-1525373698358-041e3a460346.jpeg 1625 1300 Gabriel Avigdor https://datalex.ch/cms/wp-content/uploads/2019/10/datalex_green-300x138-300x138.png Gabriel Avigdor2019-10-30 00:15:432019-10-30 00:34:22Storing cookies requires internet users’ active consent

Categories

  • Actualités
  • Catégorie BD 2
  • privacy

Nos dernières news

  • tinder-dating-datalexTinder & Cie | How AdTech companies are illegally collecting massive user data14 janvier 2020 - 23 h 25 min
  • Meet the founding Partners of datalex & Penalex in this interview1 décembre 2019 - 22 h 35 min
  • Storing cookies requires internet users’ active consent30 octobre 2019 - 0 h 15 min
Suivez nos actualités

Conditions d’utilisation – Règles sur les cookies – Politique de confidentialité

Faire défiler vers le haut