According to a report by Forbrukerradet—which I think is the Norwegian Consumer Council—online advertisers are ignoring the GDPR and continuing to track consumers and build profiles of them. The report, linked above, and the technical addendum are both quite long (193 and 93 pages respectively) and detail how Android apps are continuing to send Advertiser IDs and other personal data—including precise GPS coordinates—to third parties.
One particularly disturbing revelation is that the Grindr app, a dating app for gay, bi, and trans, people was collecting personal and sensitive information from its users and sending it to numerous third parties. The report devotes 39 pages to Grindr and its data sharing.
The report includes a legal analysis that concludes the advertisers are in breach of the GDPR in significant ways. As I’ve said before, the problem is that there’s so much money in adtech and its abuse that rouge companies are making the calculation that it’s worth the risk of cheating and that they’ll just pay the fine if they get caught. And, of course, go right on violating the law. There needs to be harsh individual penalties for people involved not just their companies. Until that happens, expect more of the same.