The Irish Council for Civil Liberties (ICCL) has launched a major legal case against Microsoft. They believe the tech giant is breaking GDPR rules, and if the courts agree, it could open the door to compensation claims here in the UK.
Here’s what you need to know:
What is this claim about?
The ICCL claims that Microsoft’s advertising system collects and shares users’ personal data without proper consent. This is said to violate the General Data Protection Regulation (GDPR), which protects how companies collect, store, and use our data.
What kind of data is being shared?
According to the ICCL, Microsoft’s real-time bidding (RTB) system may be sharing sensitive and identifiable information with hundreds of advertisers, such as:
- Your browsing history and the websites you visit
- Your device and location
- Your age range, gender, and inferred interests
- Potentially sensitive data such as:
- Political opinions
- Religious beliefs
- Sexual orientation
- Health conditions
- Financial status
- Gambling habits
- Information about your children or household
- Even roles in national security or law enforcement
This information is sent to potentially hundreds of companies each time you visit a website, with no meaningful control over how it’s used, or by whom. The key concern? Most users never gave proper, informed consent for this.
What is real-time bidding (RTB)?
It’s the tech behind many of the ads you see online. In the milliseconds it takes for a page to load, your data – what site you’re on, your location, device info, browsing history – is shared with advertisers who bid to show you an ad. According to the ICCL, this system isn’t as private or secure as it should be.
According to Dr Johnny Ryan, Director of ICCL Enforce:
“People’s intimate secrets such as their relationship, work and financial status are broadcast by Microsoft into the Real-Time Bidding advertising system. That system is a black hole of data open to any malicious actor and represents a huge data breach of millions of people’s information”.
Who is bringing the case?
The Irish Council for Civil Liberties, or ICCL. They’re a respected human rights organisation based in Ireland, and one of just two groups legally allowed to launch this type of representative action under Ireland’s new collective redress law.
Does this affect people in the UK?
Yes. Microsoft’s systems are used worldwide, including here in the UK. If the Irish courts rule against them, it could clear a path for a UK data protection claim on behalf of users here. That’s why we’re keeping a close eye on developments.
Could I be owed compensation?
Right now, the focus is on stopping the alleged privacy breaches. But if a UK class action follows, and you’ve been affected, there’s a real chance you could be eligible for compensation.
What should I do?
Stay informed. If a UK claim is launched, we’ll help you check your eligibility and link you up with a regulated law firm. You can register your interest on our site now so you’re the first to know.
