4

If a website is claiming legitimate interest in data collection in a way that is unbelievable is there any action that a web site visitor can take?

For example, if one was to visit The Daily Mail you will be presented with a cookie consent lightbox, and the first of the "Special Purposes" (that you cannot opt out of) is "Ensure security, prevent fraud, and debug", and there is a list of 389 Vendors that "rely" on this purpose. This list includes HUAWEI Ads (with a broken privacy statement), IntelliAd (which lists its products under the categories Performance Marketing Suite, Search, Tracking, E-commerce), Clever Advertising, FanDom and multiple sites that are blocked by uBlock Origin.

Now I suppose it is possible all these organisations are actually involved in providing security, but it seems unlikely. If one was concerned that they making false claims, and so processing personal data with neither consent or legitimate interest, what action could one take? I am thinking of making a SAR to each of the 389 vendors listed, requesting the exact details of their use of my PII for security, but I am not sure that they would be required to provide anything useful.

Improve this question
1
  • That sounds like a legitimate complaint to the ICO just waiting to happen....
    – user28517
    Commented Apr 15, 2021 at 19:55

1 Answer 1

Reset to default
2

If you believe your personal data has been processed incorrectly (e.g. without a suitable legal basis), you can take any of the following steps:

  • Contact the data controller to raise your complaint. There should be contact details for their data protection officer in the privacy notice.

  • Sue the data controller for compliance and damages.

  • Lodge a complaint with the supervisory authority, which would be the ICO in the UK.

Data protection authorities typically only take action when there are notable reports about problems, so it can be useful to lodge a complaint even without the expectation of them taking action. However, the ICO does not seem to prioritize cookie consent issues.

In practice, the legal angle isn't going to produce good results here, unless you have lots of money to burn on litigation. Instead, consider technical defenses against tracking and illegal data collection. This includes steps like using a privacy-friendly browser like Firefox, configuring your browser to reject third party cookies, and using an adblocker like uBlock Origin.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .