Brave Sues Google over Privacy Protection
Startup firm Brave wants to make technology company Google and other related entities liable for falling short of privacy protection for users in the online ads industry.
Brave’s chief policy officer Johnny Ryan, Jim Killock of the Open Rights Group, and Michael Veale of University College London filed complaints with the Irish Data Protection Commissioner and the UK Information Commissioner to trigger a provision in the European General Data Protection Regulation (GDPR) requiring an EU-wide inquiry.
These entities argued that users’ personal details and information on their behavior online is transmitted to several companies interested in targeting them with ads without the users’ consent. With that, Google and other tech firms violate the GDPR’s requirement for personal data to be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss.”
Moreover, complainants said the entire adtech industry can use these details such as the content being viewed, location, type of device, unique tracking IDs, or a “cookie match,” and IP address. This information can unlock a person’s data including his income, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning and other sensitive information.
“There is a massive and systematic data breach at the heart of the behavioral advertising industry. Despite the two year lead-in period before the GDPR, adtech companies have failed to comply. The industry can fix this. Ads can be useful and relevant without broadcasting intimate personal data,” Ryan said in a statement.
The complaints are targeting Google and all other ad tech companies “that broadcast internet users personal data widely in what are called RTB bid requests. We anticipate that the regulators will order the industry to stop broadcasting personal data in this manner,” he added.
“Advertising technology companies broadcast these data widely in order to solicit potential advertisers’ bids for the attention of the specific individual visiting the website,” Brave says. Once personal data has been broadcast, the dissemination is impossible to curtail.
“The sheer number of recipients of such data mean that those broadcasting it cannot protect against the unauthorised further processing of that data, nor properly notify data subjects of the recipients of the data. … data breaches are inherent in the design of the industry,” the firm said.
Ravi Naik, a partner at ITN Solicitors, is assisting Brave on this matter. He previously helped draw up a complaint to the U.K. Information Commissioner against Cambridge Analytica.
“We have been instructed by clients in numerous jurisdictions to file complaints concerning the behavioural advertising industry. We are confident that any proper appraisal by the authorities of the concerns will lead to a fundamental shift in our relationship with the internet, for the better,” Naik said in the statement.
According to the GDPR, failure to safeguard such details can cost violators up to 4 percent of a firm’s global turnover.
But a Reuters report implied that if such a move against Google becomes successful, this could have wider implications and undermine the online advertising model which other internet giants like Facebook with huge user databases are now employing.
“People do not – and cannot – fully understand or know how and where their data is used. This seems highly unethical, and does not square with Europe’s data protection laws,” Killock stressed.
Brave, the brainchild behind Brave browser and the Basic Attention Token, has commissioned Qwant as its default search engine in France and Germany.