Sunday, July 21, 2024
- Advertisement -
More

    Latest Posts

    A complaint was filed against Google in the EU for collecting user data without adequately asking for consent

    Noyb, an Austrian advocacy group, has filed a complaint against Google for allegedly collecting users’ data without appropriately asking for consent and being non-transparent with its advertising practices in the EU.

    The complaint filed with the Austrian data protection authority talks about Google’s Privacy Sandbox API, introduced in 2023. In 2020, Google pledged that it would be phasing out third-party cookies, which collect data from websites for targeted advertising in Chrome, citing privacy concerns.

    It said it would replace this current system with Google Privacy Sandbox, which aims to “protect people’s privacy online and give companies and developers tools to build thriving digital businesses.”

    While third-party cookies have not been phased out completely, the Sandbox API was made available to users. It aims to replace third-party cookies, the most common tracking technology with what Google calls “topics.” These ‘topics’ consist of various advertising categories.

    Google classifies its users based on their behavior on Chrome. Thus, the lawsuit noted that the Sandbox API still allows Google to track user behavior. The Electronic Frontier Foundation explained, “The idea is that instead of the dozens of third-party cookies placed on websites by different advertisers and tracking companies, Google itself will track your interests in the browser itself, controlling even more of the advertising ecosystem than it already does.”

    What does the lawsuit allege?

    Google deceived users:

    The complaint accused Google of deceiving users and marketing Sandbox API as a “privacy feature” rather than making it clear that Chrome was asking for consent to have its browser track users. It claimed that using terms like “protect”, “limit” and “privacy features” on the banner asking for consent was intentionally misleading.

    A press release by Noyb refuted Google’s argument that the new Privacy Sandbox is less invasive than third-party tracking systems. Max Schems, Honorary Chairman of Noyb said, “Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google’s first-party ad tracking.  

    Google used dark patterns:

    The General Data Protection Regulation (GDPR) and the designation of Google as a ‘very large online platform’ under the Digital Services Act (DSA) require Google to ask users for their consent before collecting their data in the EU.  This requires presenting a pop-up that allows users to consent to sharing their data. However, the advocacy group claimed that Google manipulated users into consenting to share their data by using dark patterns.

    It noted that Google conducted ‘A/B testing’- a method of testing two variants of the same web page to compare which variation got more positive feedback. It alleged that this process allowed Google to optimize its prompt to get more people to agree to the data being collected.

    Google is not being transparent with the data being collected:

    The complaint also alleged that Google intentionally demonstrated topics like “sports, music and film” to imply that the data collected was generic, as opposed to demonstrating topics and sub-topics like  “/Jobs & Education/Jobs/Job Listings/Government & Public Sector Jobs” and “/Finance/Credit & Lending/Credit Reporting & Monitoring”, which are much more granular based on far more personal data.

    Further, Google informs users, through a banner, that their data will be used for “site suggested ads”  and “ad measurement.”  A banner entitled “Other ad privacy features now available” explains to users that their data can be used- to show them ads based on the sites they visited and for advertisers to measure the performance of their ads. Users are only provided with a ‘Got it’ option or a settings option. However, these are by default turned on unless the user goes to the settings and manually disables them. Noyb argued that this is another aspect of data collection where user consent is required yet Google does not present the choice for users to opt out of this data collection.

    Thus, based on these allegations Noyb argued that Google is in violation of Article 5(1)(a)  and Article 6(1)(a) of the GDPR which are “Fairness and Transparency “ and  “Consent as a Legal Basis” respectively.

    Previous criticisms of Google’s Privacy Sandbox:

    In 2021 the UK’s Competition and Markets Authority (CMA) began an investigation against Google’s proposal to remove third-party cookies from Chrome browsers and claimed that the new model would hamper “the ability of publishers to generate revenue and undermine competition in digital advertising, entrenching Google’s market power.”

    Thus, to address these concerns of advertisers Google committed to developing a set of standards aimed at enhancing privacy  and preserving competition under the CMA and the UK’s Information Commissioner’s Office (ICO), in an initiative called the “The Privacy Sandbox initiative.”

    In April 2024, Google said it would be delaying the phasing out of third-party cookies until early 2025. It said, “We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators, and developers, and will continue to engage closely with the entire ecosystem. It’s also critical that the CMA has sufficient time to review all evidence including results from industry tests, which the CMA has asked market participants to provide by the end of June.”

    Also Read:

    The post A complaint was filed against Google in the EU for collecting user data without adequately asking for consent appeared first on MEDIANAMA.

    Latest Posts

    - Advertisement -

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.