A competitor of the US giant has provided evidence to the Irish CNIL that Google is circumventing the DGPS and providing advertisers with private data from Internet users without their consent. Google refuses to violate European rules.
This is one more element in a complex investigation – the one opened in the spring by the Irish CNIL on Google’s compliance with its obligations under the General Data Protection Regulation (GDR). But it is potentially explosive. A small competitor of the American giant has provided the Dublin police with evidence of what he considers to be a mechanism to circumvent the protection of Internet users’ privacy.
Brave, which publishes a competitor of Chrome and “privacy-friendly” browser, detailed its accusations in a blog post on Wednesday, revealed earlier today by the Financial Times. According to Brave, Google uses a system of hidden web pages, the “Push Pages”, assigned individually to each Internet user.
These allow its advertising customers to better target their ads, without the knowledge of Internet users and against Google’s commitments. The 8.4 million sites that use Google’s real-time auction system could thus cross and exchange sometimes sensitive information (location, political, sexual, religious, health status, etc.).
4% of global revenues
Google, on the other hand, refuses to violate European rules. “We do not broadcast personalized ads or share auction requests without the user’s consent,” said a company spokesperson. The mechanism described by Brave corresponds to what the American giant calls “cookie matching” and the practice, according to Google’s blog dedicated to developers, is privacy-friendly.
The issue is hot for Mountain View. The European authorities have assured that they will not hesitate to use the fines provided for in the DGPS in the event of a violation. These can reach 4% of the company’s worldwide revenue, a potential sanction of more than $5 billion for Google.