The Austrian civil rights organization Noyb has filed a complaint with the Austrian Data Protection Authority (DSB) against the Privacy Sandbox technology promoted by Google as a replacement for third-party cookies. Activists complain that the US company is selling this process to users “as a function of ensuring privacy” in targeted advertising. Actually, there is a new form of tracking behind this. The user’s browser history and therefore “every click” and every online activity is still tracked. The only difference is that the tracking takes place via Google’s Chrome browser and a list of advertising topics is created based on the websites visited by users.
Advertisement
There was already a sandbox programming interface (API) in place when it was launched As per the complaint About 500 ad categories such as “study funding”, “underwear” or “parenting”. Google offers these preferences to users based on their online activities. An advertiser on a website that enables the sandbox API will ask Chrome what topics the user is interested in and then display potentially relevant banners. Although the browser blocks some tracking cookies from third-party providers, which has long been the standard for competitors, it continues to use user data for personalized advertising.
Noyb points out that according to the General Data Protection Regulation (GDPR), Google would actually need informed consent from users to activate this mechanism. However, the search engine giant is misleading them with its data protection promise. The company also conducted tests to ensure a high approval rate. So it can be assumed that the quick interface has been “optimized” through manipulative design tricks (“dark patterns”) to achieve an “extreme consent rate” such as 90 percent or more.
NOYB seeks deterrent fine for Google
Noyb explains that when opening Chrome, users are asked to activate the “ad privacy feature”. In the EU you will have the option to either click “Activate” or reject the system with “Not interested”. In a letter, Google argued that it actually understands the choice of the “Activate” option as consent according to the GDPR. Indeed, the company is hiding the fact that it is enabling “first-party tracking”.
The complainant argues that Google is also violating the GDPR’s requirement that personal data be processed lawfully and in a manner that is understandable to the individual. EU law classifies deceptive advertising as unfair business practices. The GDPR’s transparency requirements will also not be met.
Noyb founder Max Schrems points out that it may be that the Privacy Sandbox, which has already been postponed several times for most users, is less invasive than tracking via third-party cookies. But this does not mean that Google can simply ignore applicable data protection law: “If you steal less money from people than any other thief, you cannot call yourself a ‘money savior’.” The company engages in a type of illegal “privacy washing”. Noyb and the complainants are therefore requesting the DSB to instruct Google to bring its data processing in line with the GDPR. They also demand an “effective, proportionate and dissuasive fine”.
(MKI)
