Brave Launches Legal Offensive on Google Ads Data Collection Practices

The startup behind Brave Browser has filed regulatory complaints against Google over the "massive" amount of user data exposed in online advertising.

AccessTimeIconSep 14, 2018 at 5:31 p.m. UTC
Updated Aug 18, 2021 at 9:50 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Brave, the startup behind the Brave browser and the Basic Attention Token, has filed regulatory complaints against Google and others over what it considers poor privacy protection for users in the online ads industry.

The complaints – filed with the Irish Data Protection Commissioner and the U.K. Information Commissioner on behalf of Brave's chief policy officer Johnny Ryan, Jim Killock of the Open Rights Group, and Michael Veale of University College London – are aimed to trigger an article in the new European General Data Protection Regulation (GDPR) requiring an EU-wide investigation.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Ryan said in a statement:

    "There is a massive and systematic data breach at the heart of the behavioral advertising industry. Despite the two year lead-in period before the GDPR, adtech companies have failed to comply. The industry can fix this. Ads can be useful and relevant without broadcasting intimate personal data."

    As well as Google, the complaints target "all ad tech companies that broadcast internet users personal data widely in what are called RTB bid requests," he told CoinDesk. "We anticipate that the regulators will order the industry to stop broadcasting personal data in this manner."

    The complainants argue that when users search on Google their personal data and information on their behavior online is broadcast to multiple companies interested in targeting them with ads – and without users' consent. In doing so, they say, Google violates the GDPR's requirement for personal data to be "processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss."

    The complaint indicates that the adtech industry can therefore process users' information including such data as the content being viewed, location, type of device, unique tracking IDs, or a "cookie match," and IP address. This data can help reveal many aspects of users, such as income, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning and other sensitive information, it states.

    "Advertising technology companies broadcast these data widely in order to solicit potential advertisers' bids for the attention of the specific individual visiting the website," Brave says.

    Once the users' data has been broadcast, its dissemination is impossible to control, the complaint filed with the U.K. Information Commissioner says, adding:

    "The sheer number of recipients of such data mean that those broadcasting it cannot protect against the unauthorised further processing of that data, nor properly notify data subjects of the recipients of the data. ... data breaches are inherent in the design of the industry."

    The complaint is being legally assisted by Ravi Naik, a partner at ITN Solicitors, who previously helped draw up a complaint to the U.K. Information Commissioner against Cambridge Analytica.

    "We have been instructed by clients in numerous jurisdictions to file complaints concerning the behavioural advertising industry. We are confident that any proper appraisal by the authorities of the concerns will lead to a fundamental shift in our relationship with the internet, for the better," Naik said in the statement.

    The GDPR stipulates that failures to protect personal data can cost violators up to 4 percent of a company's global turnover, but the move against Google, if successful, could have broader implications and undermine the entire online advertising model that internet giants like itself, Facebook and others with huge user databases are now employing, Reuters suggests.

    "People do not – and cannot – fully understand or know how and where their data is used. This seems highly unethical, and does not square with Europe's data protection laws," Killock said, also in the statement.

    Brave has also announced that, from now on, Qwant, not Google, will be Brave's default search engine in France and Germany.

    Founded by the creator of Javascript and co-founder of Mozilla Brendan Eich, Brave provides a privacy-oriented browser which rewards users with tokens.

    Privacy image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.