MONTREAL—A digital rights collective filed complaints with regulators in the European Union accusing Pornhub’s European operation, based in Cyprus, of illegally mishandling user data in violation of the strict General Data Protection Regulation (GDPR) requirements adopted by the EU.
Under GDPR, organizations must obtain explicit consent from individuals before collecting and processing their personal data. Transparent information about data usage and proper security measures are also required.
“Platforms like Pornhub are hoarding information about everybody’s sexual orientation and trading it with business partners for a profit,” says Alessandro Polidoro, an attorney and spokesperson for the grassroots data privacy rights group, #StopDataPorn.
According to its website, #StopDataPorn is a collective project with support from an active staff and academic advisory team from the University of Milan, in Italy.
Polidoro added in a press release: "They are capable of creating ‘lists’ naming who is gay and who is not, for instance, also knowing intimate secrets and kinks that people would not share even with their closest friends. It is mandatory to put this massive processing of sensitive data into compliance with data protection law.”
The mission of the #StopDataPorn group is three-pronged, according to its website. Many of the accusations surrounding Pornhub’s history of data collection and handling stem from, first, the lack of consent when asking to process personal data requests that include data that’s very sensitive—including sexual preferences. GDPR requires that Pornhub comply by offering a note for consent in order to retain and handle such sensitive user data.
Second, the #StopDataPorn group takes issue with how Pornhub shares personal data with third parties and partner firms—specifically those comprising Ethical Capital Partners, the private equity investors based in Ottawa that acquired Pornhub parent company MindGeek in March. Again, the GDPR rules prohibit the dissemination of personal information and other sensitive data without it being declared and the users consenting.
Lastly, the group takes aim at Pornhub’s recommendation and other related ad-tech algorithms claiming that these processes constitute unlawful profiling.
Polidoro told Wired last week that legal complaints have been filed against Pornhub, the site’s ownership group, and other entities tied to the mega tube site through its European base in Cyprus. GDPR compliance has always been a point of contention for online adult industry firms that host websites that collect sensitive personal information and other identifying data.
"We will respond through the appropriate process in time, and note that it is our practice not to comment on ongoing litigation," a spokesperson for MindGeek told AVN, adding that the company is "committed to protecting user privacy and is continuously implementing measures to safeguard the personal data of everyone in its community."
The U.S. state of California adopted the California Consumer Privacy Act in January 2020, which has been dubbed a GDPR copycat law.
The California Consumer Privacy Act is a first-of-its-kind law to enter into force for a large swath of American citizens granting users the right to consent or not consent to certain data handling practices carried out by most companies who operate on the internet—of course, porn sites are included.
For Pornhub, these new legal challenges and complaints follow a tumultuous few weeks for the site in the United States as Pornhub’s ownership group opted, again, to geo-block entire states for age verification laws that heavily rely upon the collection of personal information like government ID cards, credit card numbers, or other identifying information for legal users to access adult sites.
Image by Pete Linforth from Pixabay