The developers of the Brave Chromium browser stated that they have new evidence of Google’s violation of the General European Data Protection Regulation (GDPR).
Brave’s senior director of policy and industry relations, Johnny Ryan, presented the facts of the Data Protection Commission (DPC) that he has at his disposal in Ireland.
In May this year, the DPC launched an investigation on Google RTB, an advertising exchange protocol used to link advertisers to websites selling their products.
Last year, Ryan presented a complaint against Google in Ireland and the UK, accusing the company of violating the “General Data Protection Regulation” (GDPR). According to the complaint, Google and advertising companies disclosed personal data during RTB requests on sites using behavioral advertising from Google.
According to Ryan, the tech giant “broadcasted” the data to hundreds of its partners, and the further fate of this data was unknown.
“The evidence we have submitted to the Irish Data Protection Commission proves that Google leaked my protected data to an unknown number of companies. One cannot know what these companies did with it later, because Google loses control over my data once it was sent. Its policies ensure no protection”, — said Dr. Johnny Ryan of Brave.
Ryan now claims that the company is bypassing the GDPR with cookies called google_push (Push Page). According to him, google_push allows advertisers to exchange user profile identification data while they load web pages.
Each Push Page is unique, as a code of nearly two thousand characters is added to the URL of the page to uniquely identify the person about whom Google shares information. This code, combined with other cookies, allows companies to identify the user.
All the companies that Google invites to access the Push page receive the same identifier for the person they are profiling. This google_push identifier allows them to cross-reference their profiles of that person, and then they can exchange profile data with each other.
“Real-time bidding in its current form is toxic. The speed and scale of the broadcast is incapable of complying with the GDPR’s security principle. Now our client finds seemingly clandestine profile matching by Google. Deceptive and uncontrolled profile matching is the antithesis of the fairness and transparency principles of data protection”, – said Ravi Naik, a data rights solicitor who is acting for Dr Ryan and Brave.
Behavioral advertising – contextual advertising created with reference to the specific interests of the user.