One of the fastest-growing rivals of Google’s Chrome browser, Brave today called out the tech behemoth for collecting and sharing user data with advertisers secretly.
Allegations pile up against Google
Brave Software, which operates the privacy-centric Brave browser, alleged that Google has found a way to circumvent European privacy regulations. The company said that the browser is using Push Pages, a new mechanism to evade privacy laws and secretly transfer user information with advertisers. This includes personally identifiable data as well, which is in violation of European laws as well as the company’s own privacy policy.
On Wednesday, the open-source browser published its findings and made serious allegations on Google. However, Caroline Klapper-Matos, a Google spokesperson denied these allegations in an email to Decrypt. She said that the company does not violate the consent of the users. According to her, the company does not “serve personalized ads or send bid requests to bidders without user consent. The Irish DPC—as Google’s lead DPA—and the UK ICO are already looking into real-time bidding in order to assess its compliance with GDPR. We welcome that work and are co-operating in full.”
Brave has numbers to back the claim
Brave is not backing down without a fight. It has come up with real-time bidding (RTB) data from Chrome which suggests that the company has created a workaround for the General Data Protection Regulation (GDPR) guideline, which came into effect last year. The guidelines were designed to safeguard consumers against exploitative data harvesting practices by internet companies.
Brave provided evidence of personal data logging by analyzing the browsing log of Dr. Johnny Ryan, their chief policy and industry relations officer. They found that his data was exposed by Google Chrome. They further commissioned Zach Edwards, enterprise analytics auditor, to research further. Edwards later tweeted to confirm the findings of the Google cookie_push. He said that the workaround was first tested in 2015-16 and became more active when the company removed Google user ID export feature from its V2 schema.
Note that Google is already in flux with Ireland Data Protection Commission (DPC) because Ryan launched a formal complaint with the regulator about the browser’s shady practices. With this new scuffle, the DoubleClick/Authorized Buyers system of advertising used by Google on around 8.4 million websites will be affected. About 2,000 companies use the data of visitors harvested from these sites. It also deepens the row between Chrome and Brave, a browser that has been positioning itself as an answer to Google’s sneaky practices.
