Credit: GoogleA startup called Brave has filed regulatory complaints with the UK Information Commissioner and Irish Data Protection Commissioner alleging that Google and other ad tech companies violate the General Data Protection Regulation (GDPR) put into effect by the European Union in May. The claim: ad systems represent a “massive and ongoing data breach that affects virtually every user on the web.”
The problem lies with how ad networks decide who sees what promotions. Most ads these days are personalized, and that specific targeting requires ad tech companies to gather and share information about pretty much everything that happens online. Brave’s complaints center on the way ad tech companies share this information with countless other companies so they can decide if they want to pay to have their ad shown.
Brave explained in a blog post:
“A data breach occurs because this broadcast, known as an [sic] ‘bid request’ in the online industry, fails to protect these intimate data against unauthorized access. Under the GDPR this is unlawful. … The GDPR, Article 5, paragraph 1, point f, requires that personal data be ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss.’ If you can not protect data in this way, then the GDPR says you can not process the data.”
We reached out to Google for comment on Brave’s allegations. A spokesperson told us:
“We build privacy and security into all our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation. We provide users with meaningful data transparency and controls across all the services that we provide in the EU, including for personalized advertising.”
Brave offers a browser of the same name that automatically blocks online ads and trackers by default. The company said that doing so allows its browser to offer speeds that are eight times faster than Safari and Chrome, let people save their data by not loading content they don’t want to see and better protect user privacy. It also offers several monetization paths that are supposed to help publishers recoup some of their lost ad revenue.
That means the company has a clear financial interest regarding these complaints; anything that might inspire people to use browsers like Brave could be good for its business. All research points to Chrome being the most popular browser, which means competitors are better off targeting Google than Microsoft or Apple. Even Microsoft is taking on Google, as shown by its plead for people to use Edge instead of Chrome.
There are reasons to believe that Brave genuinely wants to protect online privacy, however, not least among them being the fact that it was founded by Mozilla co-founder Brendan Eich. Firefox also continues to offer better security and privacy tools to compete with Google. Besides, financial motivation wouldn’t mean Brave’s complaints about Google and other companies are invalid; it’d just mean they serve two purposes.
And it’s not exactly like Google makes it hard for companies to use privacy concerns against it. The company most recently came under fire because it allegedly partnered up with Mastercard to help bridge the knowledge gap between how online ads can affect offline purchases. That same day, Senator Orrin G. Hatch (R-UT) asked the Federal Trade Commission to reconsider antitrust probes, at least partly because of privacy issues.