Source: Emily Birnbaum
Google is using an opaque system to “leak” personal information about its users to outside companies, according to new research by rival web browser Brave.
Brave’s chief policy officer Johnny Ryan on Wednesday accused Google of violating European privacy laws and its own policies with a “workaround” that allows the tech giant to share identifying information about its users with other companies for advertising purposes.
Ryan offered the research as “evidence” for Ireland’s data privacy watchdog, which is currently investigating whether Google is violating European law.
“The evidence we have submitted to the Irish Data Protection Commission proves that Google leaked my protected data to an unknown number of companies,” Ryan said in a statement. “One cannot know what these companies then did with it, because Google loses control over my data once it was sent. Its policies are no protection.”
Google has been using little-understood web pages called “push pages” to share detailed information on users with third-party companies, according to Ryan’s research.
The personal data on the push pages, which multiple companies are able to access, “allows companies to pseudonymously identify the person in circumstances where this would not otherwise be possible,” Ryan wrote.
“We do not serve personalised ads or send bid requests to bidders without user consent,” a Google spokesperson said in a statement to The Hill.
The Irish Data Protection Commission confirmed the issues in the research “relate to an ongoing issue that is currently under investigation by this office.”
Google has previously said that it would no longer share “pseudonymous identifiers” to help companies more easily identify individuals online, a pledge Ryan claims Google is violating.
The outside companies are able to use that data to target users with advertisements.
Google runs one of the world’s most expansive digital advertising businesses and uses personal data to target users with specific advertisements.
“Brave’s evidence shows that Google’s Push Page mechanism undermines Google’s purported data protection measures,” the research reads.
Google’s online advertising system — formerly known as DoubleClick and now called Authorized Buyers — is active on 8.4 million websites.