A probe into how Google’s mammoth advertising business handles personal data has been launched by Ireland’s Data Protection Commission (GDC).
The company’s lead privacy regulator in Europe is investigating whether the tech giant has breached the General Data Protection Regulation (GDPR) in the way it processes user data to provide personalised online advertising with Ad Exchange.
“The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR),” the commission said in a statement.
“The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.”
In response, a Google spokesman said: “We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding. Authorised buyers using our systems are subject to stringent policies and standards.”
It comes after a number of complaints were submitted to the DPC, including that of Johnny Ryan, from private Web browser Brave, who last year criticised the company for “behavioural” ads.
‘Intimate personal data’
“Every time a person visits a website and is shown a ‘behavioural’ ad on a website, intimate personal data that describes each visitor, and what they are watching online, is broadcast to tens or hundreds of companies,” Ryan claimed.
“Advertising technology companies broadcast these data widely in order to solicit potential advertisers’ bids for the attention of the specific individual visiting the website.”
The regulator has the power to fine companies up to 4% of their global annual turnover.