‘Biggest data breach ever recorded’: Researcher condemns ‘consent spam’

8 Sep 2021

Image: © the_lightwriter/Stock.adobe.com

Dr Johnny Ryan of the ICCL said that ‘what the advertising industry calls consent is just a thin veneer of compliance theatre’.

The keynote speaker at the Consent 2021 international workshop on data consent management didn’t hold any punches, with Dr Johnny Ryan claiming that “consent spam” was the cause of the “biggest data breach ever recorded”.

Ryan is a senior fellow at the Irish Council for Civil Liberties (ICCL) and his work is focused on surveillance, data rights, competition, anti-trust and privacy. The workshop took place yesterday (7 September) and was organised by Science Foundation Ireland’s Adapt research centre for AI digital content technology.

At the workshop, Ryan said the form of consent that websites use has resulted in GDPR being undermined. He specifically addressed how commercial websites and apps use consent pop-ups, which can gather vast swathes of data on users.

This data can range from political views to religion and health conditions. These are accompanied by ID codes unique to the individual, which results in a “dossier” of personal information that is then available to advertisers through the process of real-time bidding (RTB).

“This is the biggest data breach ever recorded. It occurs hundreds of millions of times every day and what the advertising industry calls consent is just a thin veneer of compliance theatre covering this breach and it is a nuisance to us all and it also happens to be unlawful under the GDPR,” said Ryan.

“Those hidden dossiers about what you are doing online every day matter because they can affect your employment prospects, what deals you are offered, or they might expose you to micro-targeted disinformation.”

Ryan referred to multiple legal challenges that are ongoing in Europe relating to RTB and user data. While GDPR intended to protect the user, Ryan believes the average consumer discounts the risk of their compliance and doesn’t understand how their data could be used, likely due to the sheer volume of the so-called consent spam.

The ICCL and Ryan have regularly criticised the online advertising industry’s practices and specifically RTB.

Last year, the ICCL released a report claiming that the Irish Data Protection Commission is failing to act when it comes to concerns about RTB systems in the online advertising industry. Earlier this year, it said it was taking a case in Germany over data collection practices used by online advertisers.

Speaking about the conference, Dr Harshvardhan Pandit of the Adapt Centre said: “Data protection and privacy are priorities for individuals. Consent management as a discipline is only now becoming prominent as it creates challenges across multiple domains such as legal, technological, sociological, usability, privacy and security.

“This impacts all of us and the Consent workshop will offer an international forum for researchers and practitioners across all areas to exchange lessons learned and bring new perspectives and insights to the state-of-the-art practice of consent management.”

Sam Cox was a journalist at Silicon Republic covering sci-tech news