Swipe Insight Swipe Insight Logo

Microsoft's AdTech Arm Xandr Accused of Breaching EU Privacy Regulations

July 10, 2024 at 9:20:40 AM

TL;DR Microsoft-owned adtech business Xandr faces a GDPR complaint in Italy, supported by privacy group noyb. Xandr is accused of transparency failings and data access rights breaches, allegedly denying all data access and deletion requests. The complaint could lead to fines up to 4% of Microsoft's global turnover. Xandr claims pseudonymous data exempts it from GDPR compliance, but noyb argues this is not credible.

Microsoft's AdTech Arm Xandr Accused of Breaching EU Privacy Regulations

Microsoft-owned adtech company Xandr is facing a complaint from the European privacy advocacy group noyb, alleging GDPR violations. The complaint, filed in Italy, accuses Xandr of failing to provide transparency and breaching data access rights for individuals in the EU. If successful, this could result in fines up to 4% of Microsoft's global annual turnover.

Key Allegations

  • Transparency Failings: Xandr is accused of not responding to data access requests, thus violating GDPR Articles 5(1)(c) and (d); 12(2); 15 and 17.
  • Inaccurate Data: The complaint claims that Xandr holds inaccurate information about individuals, impacting the quality of its ad targeting services.
  • Non-compliance with Data Access Requests: Xandr allegedly denied all access and deletion requests in 2022, citing the pseudonymous nature of the data as a reason for non-compliance.
  • High Levels of Inaccuracy: Research indicates that Xandr's data on individuals is often contradictory and inaccurate, raising questions about its ad targeting efficacy.

Regulatory Risks

  • Acquisition Background: Microsoft acquired Xandr in late 2021 to bolster its digital advertising business. However, this acquisition has introduced regulatory risks.
  • Data Access Metrics: Xandr's own web page reveals it denied all 1,294 access requests and 600 deletion requests in 2022, claiming it couldn't verify the identity of the requestors.
  • Legal Implications: GDPR considers pseudonymous data as personal data, requiring compliance with data access rights. The European Data Protection Board (EDPB) guidelines suggest adtech companies should be able to identify individuals requesting data access.

Inaccuracy and Data Quality

  • Contradictory Data: Data obtained from Xandr's supplier, emetriq, showed wildly inaccurate and contradictory personal data about individuals, questioning the reliability of Xandr's ad targeting.
  • Potential Misuse: The chaotic variety of conflicting information could allow Xandr to sell the same user profile differently to various business partners.

The noyb-backed complaint against Xandr underscores significant GDPR compliance issues, particularly around data access and accuracy. The outcome could have substantial financial and operational implications for both Xandr and its parent company, Microsoft.

Have more questions on this topic? Ask our AI assistant for in-depth insights.

Read more from sources 👇

noyb
noyb
- Microsoft-owned adtech business Xandr faces a GDPR complaint in Italy, supported by privacy group noyb. Xandr is accused... Visit Source Open external source URL

The Only Digital Marketing Feed You'll Ever Need.

Stay informed your way. Tailored updates when and how you want them. 100% Free.

10,000+ Users

500+ Sources

1000+ Tools

Or

Related Posts

Justice Department Pushes Google to Spin Off Chrome Browser Trending ️‍🔥

Justice Department Pushes Google to Spin Off Chrome Browser

Tracking Compliance Monitoring +2 more
Audit your GA4 account in Minutes

Audit your GA4 account in Minutes

Sponsored
GA4 Auditor
GA4 Auditor

Verified Sponsor

Verified Sponsor

GA4 Auditor is a Verified Sponsor. Want to get featured here? Contact us.

Verified Sponsor
Open Source
Meta Fined €797 Million for Abusing Dominant Position in EU Market

Meta Fined €797 Million for Abusing Dominant Position in EU Market

Compliance Monitoring Meta
Microsoft Accuses Google of 'Shadow Campaigns' to Undermine Its Cloud Business

Microsoft Accuses Google of 'Shadow Campaigns' to Undermine Its Cloud Business

Compliance Monitoring Microsoft
Microsoft
Microsoft

Official Source

Official Source

Microsoft is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Irish Data Protection Commission fines LinkedIn Ireland €310 million

Irish Data Protection Commission fines LinkedIn Ireland €310 million

Compliance Monitoring LinkedIn
US Government Considers Breakup of Google Over Antitrust Violations Trending ️‍🔥

US Government Considers Breakup of Google Over Antitrust Violations

Paid Search Compliance Monitoring +1 more
CNN
CNN
Judge Orders Google to Open Android to Rival App Stores for Three Years

Judge Orders Google to Open Android to Rival App Stores for Three Years

Compliance Monitoring ASO
Google Argues Closed Ad Ecosystem Enhances Security Amid DOJ Antitrust Claims

Google Argues Closed Ad Ecosystem Enhances Security Amid DOJ Antitrust Claims

Paid Search Compliance Monitoring +1 more

Related Tools

GA4 Auditor logo

GA4 Auditor

Verified Tool

Verified Tool

GA4 Auditor is a Verified Tool. Want to get this badge? Contact us.

Verified Tool

Automated GA4 audits with actionable insights

Data Analysis
Open in new tab

Get Featured Here

Showcase your tool in this list.

Contact Us