With Google's European headquarters based in Ireland, Reuters says that the company is now being investigated for GDPR violations by the Irish Data Protection Commissioner (DPC). Ad Exchange auctions can involve hundreds of third parties haggling over users' private data, attaching behavioral "tags" to their traffic without their knowledge - an operation which seems to run afoul of the General Data Protection Regulation (GDPR) requirement that companies obtain explicit consent before dealing in sensitive information.
The watchdog said it has been looking into privacy compliance in the area of personalised ads for a while and received a number of submissions, including by Johnny Ryan, chief policy officer at Brave Software, which makes an ad-blocking browser.
Arising from the Data Protection Commission's ongoing examination of data protection compliance in the area of personalised online advertising and a number of submissions to the Data Protection Commission, including those made by Dr. Johnny Ryan of fearless, a statutory inquiry pursuant to section 110 of the Data Protection Act 2018 has been commenced in respect of Google Ireland Limited's processing of personal data in the context of its online Ad Exchange.
In the absence of federal action, California took an important first step forward in advancing privacy protection with the passage of the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. The GDPR principles of transparency and data minimisation, as well as Google's retention practices, will also be examined.
The Irish Data Protection Commission (DPC) has opened a probe into the search behemoth's compliance with the sweeping data protection regulations passed into law across the European Union nearly exactly a year ago. The Act was brought into law in order to comply with the EU's new GDPR regulations, enacted in the same year.
Most of the United States companies have offices in Dublin, Ireland, therefore they fall under the watch of the Irish DPC.
If Google is found guilty, the firm could be fined as much as four per cent of its global annual revenue, which would total around £4.28bn.
The latest investigation - the first by the Irish watchdog into Google - brings to 19 the number of open cases by the regulator targeting big USA tech companies.
"We will engage fully with the DPC's investigation and welcome the opportunity for further clarification of Europe's data protection rules for real-time bidding".