Privacy browser reckons personalised advertising = personal data processing
Lawyers for the privacy-focused Brave browser have written to the UK’s Information Commissioner’s Office (ICO) with what they claim is evidence that Google’s online ad-selling policies break the EU’s General Data Protection Regulation (GDPR) – namely Article 5(1)(f).
Brave kicked off this fight back in September last year. At the heart of their battle is a claim that “personalised advertising” by Google counts as personal data processing. Broadly, they say Mountain View’s adtech empire is too vast, sprawling and automated to be fully compliant with the law.
Article 5(1)(f) of the GDPR states that personal data must be “processed in a manner that ensures appropriate security… including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.
In yesterday’s letter, Brave’s lawyers urged the ICO to join its fellow data cops in Ireland with their investigation into Google. They also want the ICO to widen its own enquiries to include 2,000 Google Authorised Buyers, whom it named in a spreadsheet forwarded to the data protection bods, along with strongly worded pleas to start an investigation.
Interestingly, Brave’s Johnny Ryan highlighted a report produced by US adtech critics DCN, which he said proved that online news outlets (i.e. the people who are most voluble about the damage done to their industries by Google and Facebook’s online ad duopoly) would benefit from an EU ban on personal data being used for ad targeting.
In response to all this, an ICO spokesperson told us: “The data protection implications of adtech are of interest to the ICO. We are currently concentrating on the ecosystem of programmatic advertising and real-time bidding (RTB). This aligns with our Technology Strategy, where both online tracking and artificial intelligence are highlighted as priority areas.
“We have been engaging with representatives of the adtech industry and recently hosted an event to discuss the data protection implications of current and future industry practices.” ®