Brave’s complaint against Google has resulted in an investigation

Brave, the company behind the privacy-focused free and open-source browser, is battling Google on and off the pitch, to use sporting terminology.

On the one hand, the browser hopes to make a dent in the market dominated by Google’s Chrome, and on the other, Brave is trying to go after the tech behemoth on grounds of serious and ongoing user privacy violations by Google’s adtech segment.

And Brave might just be succeeding, as the Irish Data Protection Commission (DPC) has acted on its complaint to launch the first probe into Google’s suspected breach of the EU Data Protection Regulation, the GDPR.

Brave’s complaint focuses on sensitive personal data collected by Google through its DoubleClick/Authorized Buyers ad system.

Brave alleges that this part of Google’s business, that rakes in nearly $20 billion a year, relies on the rampant collection of personal data from the 8.4 million websites the tech is installed on, to then leak that data to more than 2,000 companies – “hundreds of billions of times” each day.

Sensitive personal data that’s compromised in this way includes location and political, sexual, and religious identity of website visitors. Users, who are tracked around the internet, have their devices effectively tagged with unique identification codes for profiling purposes.

In addition, Google relinquishes control of the data once it is handed over to third parties, while users are unaware of the practice. And all this violates GDPR rules, states the complaint, filed by Brave’s Chief Policy Officer Johnny Ryan, also noting that the practice “appears to be by far the largest leakage of personal data ever recorded.”

The investigation is the first against Google for suspected breach of the GDPR, taking place a year since the regulation came into force in the EU.

If Google is found to be in violation of the GDPR, the Irish regulator could impose high monetary fines, or even force the company to stop using private data for advertising – something that would represent a serious blow to the giant’s business model.

Brave said that duplicate complaints had been filed last year in the UK and Poland, along with similar ones earlier this month in the Netherlands, Belgium, Spain, and Luxembourg.