We’ve reached out to Google for comment. Update: A Google spokesperson said: “We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding. Authorised buyers using our systems are subject to stringent policies and standards.”
As we reported earlier this week complaints about the RTB system used by online advertisers have been stacking up across Europe.The relevant complaint in this instance was lodged last fall by Dr Johnny Ryan of private browser Brave , and alleges “wide-scale and systemic breaches of the data protection regime” by Google and others in the behavioral advertising industry. Where Google is concerned the complaint focuses on its DoubleClick/Authorized Buyers ad system.
In a nutshell, the RTB complaints argue the system is inherently insecure — and that’s incompatible with GDPR’s requirement that personal data is processed “in a manner that ensures appropriate security”. Commenting on the Irish DPC opening an inquiry in a statement, Ryan said: “Surveillance capitalism is about to become obsolete. The Irish Data Protection Commission’s action signals that now — nearly one year after the GDPR was introduced — a change is coming that goes beyond just Google. We need to reform online advertising to protect privacy, and to protect advertisers and publishers from legal risk under the GDPR”.
Similar complaints against RTB have been filed in the UK, Poland, Spain, Belgium, Luxembourg and the Netherlands. Ireland is leading the investigation of Google’s adtech as the company designates Google Ireland as the data controller for EU users.
Google and IAB ad category lists show ‘massive leakage of highly intimate data,’ GDPR complaint claims