Google Targeted By Fresh Round Of GDPR Complaints

data breach, security

Google faces more data protection scrutiny in Europe following series of actions filed in the UK, Germany, France and other EU countries

Civil liberties campaigners on Tuesday filed complaints with national regulators across Europe alleging data protection violations by online advertising real-time bidding systems, and Google’s Authorised Buyers programme in particular.

The complaints leverage stricter GDPR data protection rules introduced last year, according to Berlin-based campaign group Liberties, which is coordinating the actions.

The group argues that behavioural advertising systems “broadcast the personal data of users to hundreds if not thousands of companies”.

Free content and services online are effectively paid for with users’ personal information, which includes “our browsing history, our location, our sexual orientation, our religion and our online identity”, said Liberties legal expert Eva Simon in a blog post.

GoogleData leak

The actions, filed in the UK, France, Germany and nine other countries, are intended as a wake-up call to national regulators, Simon said.

The aim is to get regulators to coordinate with one another and with the European Data Protection Board, she said, arguing that a joint action on behalf of EU data protection offices would be “the most effective way” to force changes in the online ad industry.

“The GDPR is in effect, but has yet to be truly enforced,” Simon stated.  “We would like to change this with our campaign.”

She said that real-time bidding goes against GDPR rules by failing to obtain users’ informed consent and by introducing a “very high” risk of data leaks.

Industry standards

“Our data is broadcast to thousands of companies across the world,” Simon wrote.

The other countries in which actions were filed are Belgium, Bulgaria, the Czech Republic, Hungary, Estonia, Ireland, the Netherlands, Poland and Slovenia.

Liberties advocacy officer Orsolya Reich said the group is not taking issue with organisations who make use of real-time bidding, but with those who set  industry standards.

“We want them to comply with the laws, which at present, as far as we can tell, they aren’t doing,” she said in a statement.

The worldwide online ad industry, in which Google and Facebook are dominant players, is set to grow to $273 billion (£215bn) this year, according to eMarketer.

In the most serious cases, the GDPR allows for companies to be fined up to 20 million euros (£18m) or 4 percent of their global turnover, whichever is larger.

In January privacy-oriented browser company Brave targeted Google and the Internet Advertising Bureau (IAB) with a GDPR complaint similarly alleging that privacy flaws are inherent in current ad standards, while last month the Irish data protection regulator launched a probe into GDPR’s compliance.

Google’s shares closed down 6 percent on Monday following reports of a possible antitrust probe by US regulators.