Brave, a privacy-focused web browser, just alleged that Google is using hidden web pages to feed personal data of its users to advertisers. This new evidence of Google’s circumventing EU privacy regulations to collect personal data has been submitted by Brave for an investigation by Ireland’s Data Protection Commission.
In a report by The Financial Times, Johnny Ryan, Brave‘s chief policy officer says he discovered Google was using secret web pages after tracking his data and that Google made this data available via Authorized Buyers, Google’s advertising exchange, previously called DoubleClick. According to the report the evidence shows Google “labelled him [Johnny Ryan] with an identifying tracker that it fed to third-party companies that logged on to a hidden web page.”
Allegedly the page had no viewable content, but contained a “unique address” linked directly with Ryan’s browsing. After an hour of browsing the web using Google Chrome, Ryan’s data identifier was sent to at least eight AdTech companies.
Brave went on to hire Zach Edwards, a third party analyst to audit the data. Edwards, who runs the firm Victory Medium, recruited “hundreds of people” to test Google Chromes tracking over a one month time frame. That investigation found that the identifier was in fact unique and was shared with multiple advertising companies.
This is a violation of both EU GDPR privacy protections and Google’s own policies. Google’s rules prohibit ad buyers from the matching of disparate profiles on the same user. It’s also worth noting that Google Chrome is the number one most used browser meaning Brave as a browser is a competitor.
This doesn’t mean Brave’s claims are untrue. After reading over the documentation they published, it seems very likely to be the case that Google is using personally identifiable cookies. I questioned Google’s claims of the need for cookies a couple of weeks ago.
Financial Times quoted a Google spokesperson as saying “We do not serve personalised ads or send bid requests to bidders without user consent.”
“User consent” or not Google is having a bad time lately with regulations around privacy. In May 2019 Google’s ad system became the subject of an EU probe, and in the U.S. Google will be paying $170 million to settle allegations YouTube unlawfully collected data of children under 13.
Mason Pelt, is a guest author for Internet News Flash. He’s been a staff writer for SiliconANGLE and has written for TechCrunch, VentureBeat, Social Media Today and more.
He’s a Managing Director of Push ROI, Inc. and acted as an informal adviser when building the first Internet News Flash website.