- An executive of the Brave browser as well as other activists accuses Google of blatant GDPR violations.
- There’s a campaign to push for the acceleration of the investigation right now, supported by 21 entities.
Dr. Johnny Ryan, the Chief Policy and Industry Relations Officer of the Brave Browser is accusing Google of incorporating GDPR workarounds on their ad-serving systems. As the man details in his blog post, Google knows exactly what the GDPR (General Data Protection Regulation) entails, and has implemented specific workarounds to enable user tracking by ad networks. More specifically, Google’s “DoubleClick/Authorized Buyers” ad system is used by over two thousand companies and 8.4 million websites, and Brave’s executive claims to have evidence about how these companies can identify visitors, track them between platforms, and essentially violate GDPR provisions.
Mr. Johnny Ryan states that they have already submitted the evidence that they gathered onto the Irish Data Protection Commission, and they will wait for the results of their investigation. As the post writes, the evidence contains a proof of Google allowing numerous companies to match their identifiers with those of Google’s. The search giant has allegedly created a visitor profiling, and data sharing system called “Push Pages”, and invited all companies to join in and share their identifiers with all participants. These identifiers, combined with cookies developed by Google, enable advertisers to identify individuals. This goes against Google’s own policies of how the real-time binding (RTB) system should work under the GDPR.
None of this happens directly or openly according to J. Ryan. Google creates pseudo-anonymized user identifiers and supposedly prevents each company from collaborating to match their table. However, by giving companies a shared string, they enable both the identification of visitors and the collaboration between advertisers.
As Johnny Ryan further reveals, he has been trying to push the matter into the media spotlight since September 2018, when the first relevant complaint was submitted to the Irish data protection authority. Back then, he provided proof of billions of internet users having their online whereabouts leaked through Google’s (and their affiliates) RTB ad systems. While a statutory investigation about the possible infringement of the GDPR was launched over 12 months ago, no results about it have been published yet. Brave hopes that the agency will accelerate the process, as we’re talking about the largest online data breach ever to have been recorded.
What the Brave executive is telling the world is that every time we are visiting one of the 8.4 millions of websites that participate in Google’s ad network, our data is shared with many of the other entities that take part in the network through their respective websites. This data may include our sexual preferences, religion, political bias, and all of our online media consumption preferences.