Ireland’s DPC (Data Protection Commission) has launched a statutory enquiry into how Google Ireland processes data for the purpose of advertising.
The probe is the result of a number of submissions to the DPC, including those made by Dr Johnny Ryan, Chief Policy & Industry Relations Officer for Brave, a privacy-focused web browser.
Dr Ryan’s submissions reveal that Google’s DoubleClick/Authorized Buyers advertising system leaks the personal data of people visiting websites with the system activated, to thousands of organisations daily.
A DPC statement notes that “The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR). The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.”
Under the GDPR, which came into effect on 25 May 2018, the DPC can impose fines on organisations that fail to comply – up to 4% of an organisation’s annual global turnover or €20 million, whichever is greater.
In response, a Google spokesperson said: “We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding. Authorized buyers using our systems are subject to stringent policies and standards.”