Privacy-browser Brave launches GDPR ad tech ‘test case’ against Google

Privacy-browser Brave launches GDPR ad tech ‘test case’ against Google Mark manages all aspects of editorial on MarketingTech as Editor, including reporting on the fast-paced world of digital marketing and curating the site’s network of expert industry contributions. Originally from Plymouth, Mark studied in Reading and London, eventually earning his Master's in Digital Journalism, and most previously covered goings-on in the idiosyncratic world of performance marketing for PerformanceIN.

Brave, a privacy-focused web browser built by a Mozilla co-founder and the creator of JavaScript, Brendan Eich, has filed privacy complaints against Google in what could become a GDPR (General Data Protection Regulation) “test case” against ad tech data use.

According to a report by Reuters, Brave – which blocks ads by default in place of its own – has filed privacy complaints against the search giant in Britain and Ireland in efforts to trigger a GDPR article requiring EU-wide investigation.

This hasn’t been brought on by a particular case; Brave believes that the way ad tech companies use personal data for ad targeting is an inherent breach of GDPR law, which seeks to ensure individuals have ultimate control over the use and storage of their data.

“There is a massive and systematic data breach at the heart of the behavioural advertising industry,” Brave’s chief policy officer Johnny Ryan told Reuters. “Despite the two-year lead-in period before the GDPR, ad tech companies have failed to comply.”

In the complaints filed yesterday (September 12), Brave argued that users are visiting sites and providing personal data on both themselves and their browsing activity without knowledge. The company says this violates the GDPR’s requirement for data to be processed securely, against unauthorised or unlawful processing, and against accidental loss.

In particular, the complaint highlights the process of real-time bidding through the widely-used OpenRTB protocol and the Google-run Authorised Buyers. It says these gather more personal data than can be justified for advertising, that data is used for further unauthorised processing, and that it can include sensitive information such as a user’s sexuality, ethnicity and political opinions.

Responding, Google has said that it has already implemented strong privacy protections in line with the requests of European regulators, reaffirming its commitment to GDPR.

As noted by Reuters, as a private browser and ad blocker that prevents the user of web page trackers used for ad targeting, Brave has “detailed insight” into the inner working of the online advertising industry. While, as of the time of writing, 93 UK companies have received monetary fines from the ICO (Information Commissioner’s Office) – often in the hundreds of thousands – members of the ad tech industry have largely steered clear of penalties.

If the regulator was to find in favour of complaints initiated by Brave, it could entirely undermine the data-driven online advertising model, which is forecasted by eMarketer to be worth $273bn this year.

Since GDPR came into effect, Google hasn’t had a track record of eagerness to comply with regulations. In July, Marketing Tech reported how it had delayed entry into a consortium of ad tech companies, hampering the group’s efforts for wide-scale compliance and leaving many owners of Google ad-funded websites and apps exposed to fines.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *