Ending illegal online advertising

When you see an advertisement online, chances are that Real-Time Bidding advertising systems (RTB AdTech) have just auctioned your personal data, illegally, to hundreds of companies vying for your attention.

The highest bidder serves you their ad, but winners and losers alike collect your data and combine it with other datasets to build sophisticated profiles about you.

The problem with online advertising

What kind of personal data do AdTech companies collect? Everything from your geolocation, political beliefs and sexual preferences to your browsing habits and information about your devices.

The General Data Protection Regulation (GDPR) grants individuals powerful data rights including the right to retrieve, delete or revoke consent for the personal data companies hold. When RTB systems broadcast your personal data to thousands of faceless companies, your data rights become impossible to use.

In 2018 ORG’s executive director Jim Killock joined Dr. Johnny Ryan of Brave & Michael Veale of University College London in a joint complaint against Google and IAB. These companies provide what’s known as the framework for authorised buyers that AdTech companies operate within.

In a major win, the Information Commissioner’s Office (ICO) responded to the complaint in June 2019 agreeing that RTB’s collection of data is “taking place unlawfully at the point of collection.”

Despite agreeing with the central argument of the complaint, the ICO has failed to enforce the law. In May 2020, a year and half after the initial complaint, the ICO announced it was pausing its investigation so as not to put extra pressure on the advertising industry during Covid-19. Then they dropped the investigation altogether. In early 2021 the ICO’s investigation into AdTech resumed, yet inexplicably our complaint remained closed. At the end of 2021, the ICO again confirmed AdTech is operating unlawfully, but failed to act.

Open Rights Group has taken the ICO to court. Support our legal action today.

Supporters in the EU

If you’re in the EU, you can urge your MEPs to #StopStalkerAds

Contact your MEPs

The Story So Far

A day of reckoning for IAB and Adtech

In a damning verdict, the Belgian Data Protection Authority ruled the illegality of IAB cookie consent banners.
Read more

Our Adtech challenge: what we won, what we lost and what we do next

On Friday 26 November 2021, the Upper Tribunal ruled (in Killock and Veale & Ors v Information Commissioner (GI/113/2021 and ors) on our challenge against the ICO’s handling of our complaint concerning illegal data processing in the AdTech sector.
Read more

Lloyd vs Google: UK needs collective redress

In 2012, Google hacked the web browers of million of Apple users to store data on their devices and track their activities online.
Read more

Cookie banners, explained

Cookie banners are hitting the headlines, as policymakers and activists across political divides seek to take action on them once and for all.
Read more

Adtech: let’s get rid of cookie banners

A nuisance is troubling the Internet and the digital life of Europeans: the consent or ‘cookie’ banner.
Read more

Adtech vs. iOS, explained

With their last update for the iOS operating system, Apple rolled out a feature called App Transparency Tracking framework.
Read more

#StopStalkerAds: adtech is watching you!

Following our open letter to the European Parliament, Open Rights Group are launching a new campaign that wants to #StopStalkerAds.
Read more

Adtech: an Open Letter to the European Parliament

Today, Open Rights Group, Panoptykon and Liberties EU sent an Open Letter to the European Parliament, asking them to stand up for the ePrivacy Regulation and our online privacy.
Read more

Adtech: An industry broken by design and by default

European Digital Rights (EDRi) recently published “targeted online: an industry broken by design and by default”.
Read more

Adtech – an offer you can’t refuse

This spring, Apple will implement a new policy that will require App Store developers to ask for users’ permission in order to track them online.
Read more

ICO enforcement: two years after the GDPR

On Tuesday, the Information Commissioner Elizabeth Denham will appear in front of the DCMS Committee for a hearing, where she will be questioned about her office’s role in protecting personal data against targeted online advertising, and the use of personal data for tackling the coronavirus pandemic.
Read more

Our fight against Adtech gets bigger

Two years ago, complaints against real time bidding (RTB) were lodged by Jim Killock of Open Rights Group, Michael Veale of UCL, and Johnny Ryan.
Read more

The ICO must fix the Adtech industry

When we first took on the ad industry we knew it would not be simple.
Read more

Belgian DPA fires a warning shot at adtech, what’s next?

In 2018 we lodged complaints in UK and Ireland against real time bidding (RTB), a technology which powers commercial tracking on the Internet.
Read more

Bringing sticks to a gunfight: how the ICO fails to enforce the law

As you may be aware of, we are taking the Information Commissioner’s Office to Court over their failure to enforce the law against digital advertising and real time bidding.
Read more

Digital advertising market study: the good, the bad and the ugly

The Competition and Markets Authority (CMA) recently released their market study on online platforms and digital advertising.
Read more

Something is rotten in the Information Commissioner’s Office

The COVID-19 test and trace system immediately hit the news for its dubious privacy policy, as well as the lack of a Data Protection Impact Assessment (DPIA).
Read more

ICO may have slowed down on AdTech, but we’re up and running

The ongoing coronavirus crisis may have pulled the brake on the Information Commissioner’s Office (ICO) enforcement of your rights, but online advertising companies are doing just fine.
Read more

Is ethical Ad-Tech possible?

Last week ORG was in Brussels at the main annual privacy conference in Europe, CPDP, which stands for Computer Privacy and Data Protection.
Read more

The AdTech showdown is coming but will the ICO bite?

The 2018 General Data Protection Regulation (GDPR) was meant to be a Good Thing – a strong law that would make businesses act responsibly and give ordinary people control over our personal data.
Read more

Response to IAB statement

IAB: We have taken note of media reports regarding an update to complaints made by ad-blocking browser developer Brave and Polish activist group Panoptykon Foundation to a number of European data protection authorities.
Read more


A brief chance for better UK data protection law

However, the GDPR’s enforcement within member countries has considerable flexibility.
Read more

ORG’s first take on the leaked e-Privacy Regulations

Blog Leak The leaked e-Privacy Regulation (ePR) brings many improved protections to our communications data, which are now extended to communications devices and internet services, not just traditional telecom providers.
Read more

More Information

Press Releases