wordpress blog stats
Connect with us

Hi, what are you looking for?

Irish privacy regulator launches first probe into Google under GDPR

Ireland’s Data Protection Commission said it would investigate how Google treats personal data at each stage of its ad-tracking system, and whether its activities are in breach of the General Data Protection Regulation (GDPR). This is the first investigation of Google under the GDPR, which came into force on May 25 last year. It is the result of complaints by several companies – including Brave Software Inc (see below) – about the way Google handles personal information for advertising. Under the GDPR, regulators can fine companies up to 4% of their global revenue or 20 million euros, whichever is higher.

Ireland’s DPC, which is the main regulator for data privacy in the EU, said in a statement, “A statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange. The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the GDPR. The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.”

A Google spokesperson told MediaNama in a statement, “We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding. Authorised buyers using our systems are subject to stringent policies and standards.”

Brave’s complaint against Google’s data sharing practices

Brave Software owns the privacy-focussed Brave browser, which blocks ads and website trackers, and lets users opt in to watch ads instead of tracking them online. In September, when Brave lodged its complaint, its chief policy officer Johnny Ryan wrote in a blog that when a person visits a website and is shown a “behavioural” ad, Google and other ad tech firms broadcast intimate personal data to tens or hundreds of companies to solicit bids from potential advertisers seeking the attention of the specific individual visiting the website. “A data breach occurs because this broadcast, known as an “bid request” in the online industry, fails to protect these intimate data against unauthorised access. Under the GDPR this is unlawful,” Ryan wrote. He cited Article 5, paragraph 1, point f of the GDPR, which requires that personal data be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss.” He said, “If you can not protect data in this way, then the GDPR says you can not process the data.”

What information do bid requests contain?

Advertisement. Scroll to continue reading.

Ryan wrote in his post that bid requests can include the following personal data:

  • What you are reading or watching
  • Your location
  • Description of your device
  • Unique tracking IDs or a “cookie match”. This allows advertising technology companies to try to identify you the next time you are seen, so that a long-term profile can be built or consolidated with offline data about you.
  • Your IP address (depending on the version of the “real time bidding” system)
  • Data broker segment ID, if available. This could denote things like your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc (depending on the version of bidding system).

Google is unlikely to be the only large technology firm to face action under the GDPR. The European headquarters of many such firms are in Ireland, and the DPC said earlier this month that of 17 of its 51 large-scale ongoing investigations related to large tech companies, including Twitter, LinkedIn, Apple and FacebookReuters reported.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

India and US come to terms on how to deal with the equalisation levy in light of the impending Global Tax Deal.

News

Find out how people’s health data is understood to have value and who can benefit from that value.

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ