Google faces probe for GDPR data protection violations

As reported by Reuters, due to numerous complaints, Google is facing what many consider to be a landmark investigation for GDPR violations. The investigation in question relates to how Google handles data when advertising, and it is being carried out by the Irish Data Protection Commissioner.

The Data Protection Commissioner released this statement on the investigation:

Arising from the Data Protection Commission’s ongoing examination of data protection compliance in the area of personalised online advertising and a number of submissions to the Data Protection Commission, including those made by Dr. Johnny Ryan of Brave, a statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange.

The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR). The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.

The reference to Dr. Johnny Ryan, chief policy officer for the Brave privacy browser, is key, as his assertions are a major part of why the Data Protection Commission got involved in this case. Dr. Ryan submitted evidence that showed, according to Brave’s report on the matter, major issues with Google’s “DoubleClick/Authorized Buyers.” DoubleClick/Authorized Buyers is installed on over 8 million websites, and according to Dr. Ryan’s research, Google has been using it to broadcast private data about users to roughly 2,000 different companies “hundreds of billions of times a day.”

If these allegations are found to be true, Google is in direct breach of GDPR Article 5, namely portions (1)(a), (1)(b), and (1)(f). These state that personal data must be “tightly controlled” and that users must have clear information about how their data will be used. Google, if found to be in violation of GDPR Article 5, may be fined up to 4 percent of its global revenue, which could amount to more than $5 billion.

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
