Following a complaint from the privacy advocacy group Noyb, Microsoft’s subsidiary, Xandr, is under investigation for violating European Union data protection standards.
The group publicized the allegation on its official page on Tuesday.
Xandr is Microsoft’s advertising and analytics company, which provides an online platform called Community for buying and selling consumer-centric digital advertising.
In its most recent move, NOYB is assisting an anonymous Italian citizen in filing a complaint against Xandr with the country’s data protection agency.
The complaint was made per the European Union’s General Data Protection Regulation (GDPR), which could result in fines of up to 4% of Xandr’s parent entity Microsoft’s global annual turnover.
Newsng gathered that the complaint alleges that Xandr collected and shared the personal data of millions of Europeans for targeted advertising purposes.
Despite advertising’s reputation as a platform for precision ad targeting, Xandr allegedly shares personal user data such as health, sexuality, and political convictions with advertisers.
“Also, despite selling its service as ‘targeted’, the company holds rather random information: the complainant apparently is both a man, a woman, employed and unemployed.
“This could allow Xandr to sell ad space to multiple companies who think that they are targeting a specific group. As if that were not enough, Xandr does not comply with a single access request,” NOYB wrote.
NOYB highlighted that not a single access request is complied with by the ad broker.
In fact, in 2022, Xandr recorded an astounding 0% response rate to access and deletion requests, while gathering enormous volumes of sensitive personal data about individuals.
“Xandr’s business is obviously based on keeping data on millions of Europeans and targeting them. Still, the company admits that it has a 0% response rate to access and erasure requests. It is astonishing that Xandr even publicly illustrates how it breaches the GDPR,” said Massimiliano Gelmi, data protection lawyer at Noyb.
We earlier reported that NOYB has filed a GDPR complaint against Google’s Privacy Sandbox, claiming that the US megacorp tracked users without their consent when they enabled a “Privacy Feature” in the Chrome browser.