So Brave: Browser biz sics Brit watchdogs on Google's info slurpage

Software maker and allies demand regulatory strike on behavioral advertising

Privacy-focused browser maker Brave has filed complaints with British and Irish data protection authorities seeking an end to the online sharing of protected data by advertising firms like Google.

The complaints claim online behavioral ad targeting – which Google euphemizes as "personalized advertising" – gathers unnecessary information from internet users and broadcasts it to third-party companies without any justification, in violation of the UK's Data Protection Act (DPA) and Europe's General Data Protection Regulation (GDPR).

Brave, along with the UK-based Open Rights Group and Michael Veale, a technology policy researcher at University College London, have asked UK and Irish data minders to investigate the online ad industry, and Google in particular, for compliance with data privacy laws and to take the appropriate action.

"There is a massive and systematic data breach at the heart of the behavioral advertising industry," said Johnny Ryan, chief policy and industry relations officer for Brave, via Twitter. "This needs to change."

If it does, Google and many other ad tech companies will be starved of the personal data that fuels the ad industry and fattens their respective revenue streams.

In a report on behavioral advertising intended as a primer for data authorities, Ryan explains that whenever a behaviorally targeted advertisement is served to a website visitor, a real-time bidding (RTB) system is responsible for matching an ad with a targeted internet user. To do so, it solicits bids from advertisers who might want to reach that person by broadcasting personal information to hundreds or thousands of companies.

Ryan describes two major RTB systems: OpenRTB – run by a consortium of ad tech firms including Admeld, DataXu, MediaMath, PubMatic, The Rubicon Project, and Turn – and Authorized Buyers, Google's system that until recently was called DoubleClick Ad Exchange.

These ad bidding systems, Ryan says, offer up data points about the target, to the extent they're available, such as: what's being watched or read online, the target's location, IP address, device characteristics, unique tracking identifiers, and segmentation data like income bracket, age, gender, habits, ethnicity and so on.

The way this information gets handled, without adequate notice, consent or safeguards, violates data rules, the complaints claim.

GDPR kicks in

In an email to The Register, Ryan said the broadcast of personal information for real-time bidding requests was already unlawful under Europe's data protection rules. But with the arrival of GDPR, regulators have been empowered to act and to apply penalties.

"The GDPR also creates the new European Data Protection Board, and allows, under Article 62, for regulators to work together to investigate data misuse across the EU," he said. "This new joint supervisory investigation is one of the things that our complaint is intended to trigger."

Stalker: woman peers through keyhole

Google risks mega-fine in EU over location 'stalking'


The petitioners' goal is nothing less than the end of bad faith advertising.

"We want to see Europe's data protection regulators investigate the behavioral / programmatic ad tech industry as a whole, and shut down that industry's enormous data breach," said Ryan. "The industry can fix the problem by agreeing, across the entire industry, to put no personal data in the 'bid requests' that ad tech companies send to each other. We want to see regulators make this happen, so that the breach stops. Ads can still be relevant to the context of what people are reading, but they do not need to leak out peoples' data."

Asked what it thinks of the complaints, Google said it intends to comply with data protection rules, without stating whether it currently does.

"We build privacy and security into all our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation," a company spokesperson said in an email to The Register. "We provide users with meaningful data transparency and controls across all the services that we provide in the EU, including for personalized advertising." ®

Other stories you might like

  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • I was fired for blowing the whistle on cult's status in Google unit, says contractor
    The internet giant, a doomsday religious sect, and a lawsuit in Silicon Valley

    A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit. 

    The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.

    In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed. 

    Continue reading
  • UK competition watchdog seeks to make mobile browsers, cloud gaming and payments more competitive
    Investigation could help end WebKit monoculture on iOS devices

    The United Kingdom's Competition and Markets Authority (CMA) on Friday said it intends to launch an investigation of Apple's and Google's market power with respect to mobile browsers and cloud gaming, and to take enforcement action against Google for its app store payment practices.

    "When it comes to how people use mobile phones, Apple and Google hold all the cards," said Andrea Coscelli, Chief Executive of the CMA, in a statement. "As good as many of their services and products are, their strong grip on mobile ecosystems allows them to shut out competitors, holding back the British tech sector and limiting choice."

    The decision to open a formal investigation follows the CMA's year-long study of the mobile ecosystem. The competition watchdog's findings have been published in a report that concludes Apple and Google have a duopoly that limits competition.

    Continue reading

Biting the hand that feeds IT © 1998–2022