Irish data regulator launches Google probe

Irish data regulator launches Google probe
© Getty

Ireland’s data protection regulator is launching an investigation into allegations that Google’s online advertising system is revealing sensitive data about users to hundreds of potential ad buyers in violation of Europe’s privacy laws.

“The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR),” Ireland’s Data Protection Commission (DPC) said in a statement on Wednesday. “The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.”

The DPC has opened more than a dozen privacy probes into U.S. tech companies, but Google had not previously been a target for the regulator.

ADVERTISEMENT
The announcement comes in response to lobbying from Brave, a company that operates a privacy-focused internet browser that competes with Google Chrome. Brave had presented evidence to the regulator that the search giant was broadcasting personal information about users visiting any of the more than 8.4 million websites that use its advertising exchange.

Brave Chief Policy Officer Johnny Ryan, who wrote the reports presented to the commission, has argued that the practice constitutes the largest leak of personal data ever.

“The Irish Data Protection Commission’s action signals that now — nearly one year after the GDPR was introduced — a change is coming that goes beyond just Google,” Ryan said in a statement Wednesday. “We need to reform online advertising to protect privacy, and to protect advertisers and publishers from legal risk under the GDPR.”

“We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding,” a Google spokesperson said in a statement. “Authorized buyers using our systems are subject to stringent policies and standards."

Helen Dixon, Ireland’s data protection commissioner, revealed earlier this year that her office had 18 investigations open at the time into U.S. tech giants including Apple, Facebook, LinkedIn, Twitter, WhatsApp and Instagram.