AggregateIQ Accused of Violating the GDPR Rules

Updated: Apr 13, 2020

AggregateIQ, a Canadian firm involved in data analytics, faces controversy after receiving one of GDPR’s first notices through the Information Commissioner (ICO) for violating the new data privacy laws. This violation poses a possible €20m ($23.5m) penalty. AggregateIQ is challenging the notice.

The notice was sent in July 2018 and was one of the first in the new data privacy environment, in which companies are obliged to restrict the personal information they gather on individuals, be transparent about how they use the data, and give people the ability to demand the deletion of information if they so desire.

Although the notification is not mentioned on the ICO’s enforcement website, the notice was hyperlinked in an annex. According to the report, AggregateIQ gathered the data of millions of people through a Facebook feature that let a company obtain information from people after they downloaded an app called “Survey.”

The information gathered from individuals is used in controversial political campaigns such as the vote to take the UK out of Europe (Brexit) and Donald Trump’s election as president of the United States. In particular, AggregateIQ is accused of violating Articles 5, 6 and 14 after it processed personal data without the knowledge of the people involved and in the absence of a legal basis for that processing.

AggregateIQ is also accused of being connected to Cambridge Analytica; however, the company denies all accusations. With all those violations, the ICO has the power to impose GDPR’s fine of up to €20m, which is equivalent to four percent of AggregateIQ’s annual turnover.

AggregateIQ gathered the data prior to the date the GDPR legislation took effect. However, by the time the law came into effect last May 25, the company still had the data in its records, and it is therefore held liable for it.

The GDPR notification is only the beginning of a more stringent way of tackling data security. At present, data protection regulators have already received several complaints from users of social media services including Facebook, Instagram, Google, and WhatsApp.