Recently, I wrote about the Brave team’s report on data collection and bidding practices on government-associated websites in the United Kingdom. The conclusions in that report were shocking, as it was found that many of the nation’s council websites had data collected without permission.

Almost 7 million accounts were linked to data broker LiveRamp, which until recently was associated with Cambridge Analytica.

These include accounts linked to websites related to disability and addiction. Google serves 196 of the UK’s council websites, and the data made available through the Real-time Bidding (RTB) system includes location, interests and the media that is being consumed.

I recommend you read the full report to get a sense of the degree to which our data is being used, and the extent to which the likes of Google and Facebook control the market.

Following up on that case, Brave has now come out with criticism and recommendations on how the failure to enact the General Data Protection Regulation (GDPR) has allowed Google to seize the advertising market, to the detriment of end users.

So now Brave is putting more energy into scrutinizing the exploitation of data by tech monopolies.

Brave Magnifies Google Criticism, Says it is Built on Unfair Advantages

On February 18, Brave published another telling post on Google’s practices and the inadequate policing by the UK’s Competition & Markets Authority (CMA). The formal report revealed a lot about the flaws in the enforcement of the GDPR and the consequences of those flaws.

The Brave team, led by Johnny Ryan, the company’s Chief Policy & Industry Relations Officer who had previously described to authorities how Google circumvented the GDPR, wrote a letter to the CMA that covered a wide range of things.

It was specifically designed to address two issues: “a functional separation of digital platforms” and “internal and external enforcement” of data on RTB markets.

Together, if these solutions are enforced, they would greatly enhance data protection.

The post says that Google’s monopoly is built on an internal data free-for-all, essentially because Google’s various data verticals and processes gather data from several consumer-facing platforms and third-party apps. Similar things are said about Facebook.

Their competitors are at a disadvantage, simply because they do not have as many sources of data and types of data as the two companies do. Specifically, the way the laws are enforced means that there is a lack of protection when it comes to this internal free-for-all.

The team looked at the GDPR to see where current enforcement has failed.

The letter points to several articles in the GDPR, including Article 5(1)b and Recital 32, which, in a nutshell, state that the data must be used for explicitly stated purposes only and that consent should be given for each of the processes in data collection and use, respectively.

Brave Advises Both Internal and External Enforcement for RTB Markets

The second half of the report refers to the functioning of RTB markets. In this extended section, the CMA’s report is first proved incorrect for its view “that robust enforcement of EU data protection law in the real-time bidding online advertising market would advantage Google.”

It offers 3 thorough arguments against the CMA’s reservations about enforcing protection in RTB markets, which I suggest you read for yourself. I would like to point out one particular section in this part, which falls under the heading “privacy harm.”

Reiterating what was said in the previous report, Brave notes that the RTB systems “broadcast what Internet users read, watch, and listen to online to thousands of companies, without protection of the data once broadcast.”

This can have severe ramifications.

They offer a few examples to illustrate the nature of the problem: pricing products differently for customers or micro-targeting voters with misinformation. We all know what the internet has done for elections.

Furthermore, this occurs on a scale of billions of times per day, without anyone knowing how or where the data will be used.

So What Does Brave Recommend for Data Protection?

Brave ends the report with some recommendations on how to proceed with regulation. I’ll summarize the key takeaways.

First, it recommends that limitations be established so that platforms do not bundle their services, thereby enforcing functional separation.

Second, it suggests that the CMA should work with European data protection authorities to enforce this purpose limitation. The European Data Protection Supervisor (EDPS) is hosting a meeting in Spring 2020 and this is an ideal opportunity to collaborate and ensure better standards.

Third, it should do the same with the European Commission DG Competition and California’s Department of Justice.

Fourth, it urges the CMA and the Information Commissioner’s Office (ICO) to enforce regulation on the external free-for-all, which would help end data exploitation.

Lastly, it asks the CMA and ICO to work with Irish and Belgian data protection authorities to ensure robust protection against internal and external data free-for-alls in digital advertising.

Conclusion

In short, Brave has now examined the flaws in the advertising system in the UK and provided recommendations that can prevent monopolies from cementing their position, allowing for a freer and fairer market, both for other platforms and consumers.

Brave has actually been looking into RTB markets since 2018 and has posted a timeline of RTB complaints, which offers a comprehensive look into how it has “gathered evidence on the biggest data breach in history.” Brave is working with 21 entities to end data exploitation using GDPR.

Fortunately, we now have alternatives in the selection of our online platforms, as well as a growing awareness in public consciousness that we must resist the exploitation of our data.