Google faces probe for GDPR data protection violations

As reported by Reuters, due to numerous complaints, Google is facing what many consider to be a landmark investigation for GDPR violations. The investigation in question relates to how Google handles data when advertising, and it is being carried out by the Irish Data Protection Commissioner.

The Data Protection Commissioner released this statement on the investigation:

Arising from the Data Protection Commission’s ongoing examination of data protection compliance in the area of personalised online advertising and a number of submissions to the Data Protection Commission, including those made by Dr. Johnny Ryan of Brave, a statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange.

The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR). The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.

The reference to Dr. Johnny Ryan, who works as chief policy officer on the Brave privacy browser, is key as his assertions are a major part of the Data Protection Commission getting involved in this case. Dr. Ryan submitted evidence that showed, according to Brave’s report on the matter, major issues with Google’s “DoubleClick/Authorized Buyers.” The DoubleClick/Authorized Buyers are installed on over 8 million websites, and according to Dr. Ryan’s research, Google has been using them to broadcast private data about users to roughly 2000 different companies “hundreds of billions of times a day.”

If these allegations are found to be true, Google is in direct breach of the GDPR Article 5, namely the portions (1)(a), (1)(b), and (1)(f). These state that personal data must be “tightly controlled” and also that users must have clear information of how their data will be used. Google, if found to be in violation of GDPR Article 5, may be fined up to 4 percent of its global revenue — which could amount to more than $5 billion.

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Office 365 is now Microsoft 365: Everything you need to know

Microsoft has rebranded various products in its Office 365 lineup as Microsoft 365. Here is…

2 hours ago

Ansible Automation Engine: Complete getting started guide

In this second article in our series, we will work on the Ansible Automation Engine…

20 hours ago

Microsoft Build 2020: All major announcements for developers

Microsoft Build 2020 included several announcements aimed at developers and the IT community. Here are…

23 hours ago

Dell unveils new PCs optimized for remote work

With remote work here to stay, companies are looking to supply employees with devices to…

1 day ago

Using Azure Active Directory Identity Protection to boost your security

Using Azure Active Directory Identity Protection will boost your security. This step-by-step guide shows you…

2 days ago

Review: Kemp Virtual LoadMaster load balancer

With many businesses requiring employees to work remotely, Kemp’s Virtual LoadMaster can help relieve many…

2 days ago