As originally reported by Reuters, Google is having its first General Data Protection Regulation (GDPR) investigation, launched by Ireland’s Data Protection Commissioner.
It is the first time Google and its lead European privacy regulator have come to blows, leaving many wondering how Google is going to handle the intrusion.
Specifically, the investigations going to delve into how Google treats personal data during all stages of its ad-tracking system.
The matter was first brought up when a browser company called Brave filed a complaint last September, noting that Google’s ad auction system is actually in violation of data breach GDPR rules.
As Johnny Ryan, chief policy officer explained, “Every time a person visits a website and is shown a ‘behavioral’ ad on a website, intimate personal data that describes each visitor, and what they are watching online, is broadcast to tens or hundreds of companies. A data breach occurs because this broadcast, known as a ‘bid request’ in the online industry, fails to protect these intimate data against unauthorized access.”
Meanwhile, Google defended the auction system while also pledging to cooperate with the GDPR investigation.
A Google representative said, “We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding. Authorized buyers using our systems are subject to stringent policies and standards.”
If Google is found guilty of data breaches, the penalties would be enormous. The GDPR regularly fines as high as 4% of an entity’s global annual revenue, which would be around $5.4 billion for Google.
The more damaging part is that Google would need to fundamentally reshape its entire ad system in order to avoid similar data breach complications and subsequent future fines.
For the moment, Google must wait for the GDPR’s decision.