Blockchain-powered decentralized browser operator Brave (BAT) has filed a formal General Data Protection Regulation (GDPR) complaint against Google, stating that the search engine giant has violated regulations pertaining to its users’ data.
Brave claims Google has violated Article 5(1)b of the GDPR, a European Union data protection and privacy law that came into force on May 25, 2018.
Johnny Ryan, Brave’s Chief Policy and Industry Relations Officer, filed the complaint with the Irish Data Protection Commission, Google’s lead GDPR regulator in the EU.
Ryan says that by collecting personal data collected from users worldwide across its platforms, such as its search engine and YouTube, Google has effectively built a monopoly.
Brave has also petitioned the European Commission, as well as a number of European competition watchdogs – including Germany’s Bundeskartellamt, the UK Competition and Markets Authority and France’s Autorité de la Concurrence.
Brave said, in a statement,
“The GDPR purpose limitation principle requires that organizations internally ring-fence personal data and use it only for the narrow purpose it was collected for. Brave’s evidence shows that Google’s internal data free-for-all is unlawful.”
The company added,
“For six months, Johnny Ryan of Brave tried to learn what Google does with his data. Brave has now sought recourse from the [Irish] regulator to force Google to reveal what it does with everybody’s personal data. New Brave evidence […] offers a glimpse of what Google does with everyone’s personal data: hundreds of ill-defined processing purposes, and unknown legal bases.”
Brave has released a dossier of 100 documents its says Google has drafted for a variety of business clients, tech partners, lawmakers, developers.
Google brushed off the charges, with a spokesperson telling media outlet The Register that “repeated allegations from a commercial competitor don’t stand up to serious scrutiny.”
Ryan, however, stated,
“Google has to seek a legal basis for each specific purpose, and be transparent about them. But Brave’s new evidence reveals that Google reuses our personal data between its businesses and products in bewildering ways that infringe the purpose limitation principle.”
GDPR’s purpose limitation principle, per Article 5(1)b of the act, reads:
“Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.”
Should the Irish regulator uphold Brave’s complaint, Google could technically find itself unable to automatically opt its users into services and use collected data across all of its own – and third-party – platforms.
Brave has recently struck a partnership deal that it says will allow users to spend its native tokens wit partner companies including e-commerce giant Amazon.