Brave, the crypto-friendly open source web browser has filed a formal General Data Protection Regulation (GDPR) complaint against Google.

According to Brave, Google has violated Article 5(1)b of the GDPR which sets forth the purpose limitation principle. This principle requires that organizations internally ring-fence personal data and use it only for the agreed purpose.

According to the blog post, evidence gathered by Brave shows that Google’s internal data free-for-all is unlawful. Brave’s Chief Policy Officer, Johnny Ryan filed the compliant with the Irish Data Protection Commission, Google’s lead GDPR regulator in Europe. Ryan claims Google has limitations concerning the usage of personal data it gathers about its users.

According to Ryan, merely having user’s personal data does not permit Google to use that data across its entire business. He said Google should rather seek a legal basis for each specific purpose and also be transparent in their data use. Ryan claims Google’s monopoly is based on its internal data free-for-all, hence enforcement of the GDPR would neutralize Google’s unfair data advantage.

Brave Browser leverages the Ethereum blockchain to offer a new type of advertising that rewards ad viewers on its platform. The web browser prides itself for promoting user privacy and security by blocking ads and website trackers. Unlike Google, Brave rewards its users for voluntarily watching advertisements using its native cryptocurrency, Basic Attention Token (BAT).