According to a blog post on Monday (March 16) by Johnny Ryan, chief policy and industry relations officer at Brave, no information could be gleaned from Google regarding what is done with users’ data, even though he asked several times and is entitled to the information under Article 15 of the GDPR.
“Google’s internal data free-for-all enabled it to create a cascading monopoly. But it is now acutely vulnerable to GDPR Article 5(1)b enforcement,” Ryan said in the post. “Brave’s new evidence reveals that Google reuses our personal data between its businesses and products in bewildering ways that infringe the purpose limitation principle.”
Brave released a study called Inside the Black Box that probes a cross-section of documents that it says shows that Google collects personal data from “integrations with websites, apps, and operating systems, for hundreds of ill-defined processing purposes.”
“The consequences of that are, how can I exercise my right to object or to erasure? I do not know what data is going in to develop new services, and I cannot object to my data being used when I have no idea what they are building,” Naik said.
Brave wrote to European competition regulators about the complaint, including the European Commission, the Bundeskartellamt, the U.K. Competition & Markets Authority, the Autorité de la concurrence, and the Irish Competition and Consumer Protection Commission.
A complaint filed in January 2019 by Brave and others charged that Google misused people’s personal data and categorized them in highly sensitive ways. Google’s ad technology labels users by internet activity, using tags like cancer, mental health, right- or left-wing politics or even sexually transmitted diseases.
These sensitive topics get shared with potentially thousands of third party companies through a live ad-auction process called real-time bidding (RTB).