Brave accuses Google of using 'hopelessly vague' privacy policies that breach GDPR

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Google has been accused of breaching one of the General Data Protection Regulation's (GDPR) principles surrounding consent that requires companies to provide a specific purpose for collecting and processing user personal data.

In a complaint [PDF] filed to the Irish Data Protection Commission (DPC), Chromium-based browser Brave alleges that Google's privacy policy infringes the GDPR "purpose limitation" principle as it "does not transparently and explicitly specify the purposes for which the data is collected and processed".

The GDPR's purpose limitation principle requires organisations to only collect and process personal data for a narrow purpose that must be explicitly expressed to consumers.

Labelling Google's privacy policies as "hopelessly vague and unspecific", Brave chief policy and industry relations officer Johnny Ryan said Google's reasons for collecting data and allegedly limiting detail about how the information is used -- such as "developing new services" -- resemble examples of bad practices that have been drawn out by the GDPR.

Ryan also alleges that while Google provides personalised ads for users based on their interests, it has limited information regarding the purposes of processing and why users are seeing a certain ad.

"It is not apparent from the policy which activity, product, or interaction is covered by which purpose. It is therefore difficult (if not impossible) to decipher if and when a particular purpose applies, for example, to data collected or processed in the context of YouTube, Authorised Buyers or Maps etc," Ryan said in the complaint.

The complaint also includes a study, called Inside the Black Box [PDF], which itemises Google's processing purposes for collecting personal data from integrations within websites, apps, and operating systems. The processing purposes range from accounting to advertising to transactions. [....]
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
This is great, let's see how this is handled and treated by EU-court. This also could have implications for Windows10 telemetry (not the basic but the full diagnostic data). I understand that for compability and driver issues Microsoft wants to know on what hardware Windows10 is running (basic), but for what “specified, explicit and legitimate purposes [GDPR article 55(1)(b)]" Microsoft wants to know what websites I visit and movies I watch (just to mention two examples) raises questions at the least (full diagnostic data in Windows10).
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top