Privacy-browser Brave launches GDPR ad tech ‘test case’ against Google
According to a report by Reuters, Brave - which blocks ads by default in place of its own - has filed privacy complaints against the search giant in Britain and Ireland in efforts to trigger a GDPR article requiring EU-wide investigation.
This hasn’t been brought on by a particular case; Brave believes that the way ad tech companies use personal data for ad targeting is an inherent breach of GDPR law, which seeks to ensure individuals have ultimate control over the use and storage of their data.
“There is a massive and systematic data breach at the heart of the behavioural advertising industry,” Brave’s chief policy officer Johnny Ryan told Reuters. “Despite the two-year lead-in period before the GDPR, ad tech companies have failed to comply.”
In the complaints filed yesterday (September 12), Brave argued that users are visiting sites and providing personal data on both themselves and their browsing activity without knowledge. The company says this violates the GDPR’s requirement for data to be processed securely, against unauthorised or unlawful processing, and against accidental loss.
In particular, the complaint highlights the process of real-time bidding through the widely-used OpenRTB protocol and the Google-run Authorised Buyers. It says these gather more personal data than can be justified for advertising, that data is used for further unauthorised processing, and that it can include sensitive information such as a user’s sexuality, ethnicity and political opinions.
Responding, Google has said that it has already implemented strong privacy protections in line with the requests of European regulators, reaffirming its commitment to GDPR.
As noted by Reuters, as a private browser and ad blocker that prevents the user of web page trackers used for ad targeting, Brave has “detailed insight” into the inner working of the online advertising industry. While, as of the time of writing, 93 UK companies have received monetary fines from the ICO (Information Commissioner’s Office) - often in the hundreds of thousands - members of the ad tech industry have largely steered clear of penalties.
If the regulator was to find in favour of complaints initiated by Brave, it could entirely undermine the data-driven online advertising model, which is forecasted by eMarketer to be worth $273bn this year.
Since GDPR came into effect, Google hasn’t had a track record of eagerness to comply with regulations. In July, Marketing Tech reported how it had delayed entry into a consortium of ad tech companies, hampering the group’s efforts for wide-scale compliance and leaving many owners of Google ad-funded websites and apps exposed to fines.
- » #DMWF Europe: How are we really handling GDPR?
- » #DMWF Europe: Three observations from Digital Marketing World Forum
- » 'Your PC is being hacked': Google cracks down on fraudulent tech support ads
- » #DMWF Europe: Crimson Hexagon on the endless possibilities of social data for marketing
- » Deloitte buys Magnetic Media’s AI platform, bolstering martech offering