Brave (BAT) Browser Set to Sue Google Over GDPR Infringement

Brave (BAT), a privacy-preserving web browser focused on revolutionizing the browser industry with cryptocurrency, has formally filed a complaint against search engine giant, Google for infringing the GDPR’s purpose limitation’ policy, according to a blog post on March 16, 2020.

Brave Irked by Google’s Unlawful Activities

As reported by BTCManager earlier in February 2020, the Brave Browser team sent a letter to the U.K.’s Competition and Markets Authority (CMA), drawing the regulator’s attention to Google’s unlawful data sharing practices which gives it an unfair edge over its competitors.

Fast forward to March 16, 2020, and Brave, through Dr Johnny Ryan, who functions as its Chief Policy and Industry Relations Officer, has filed a formal GDPR complaint against Google for going against the statutes of Article 5(1)b of the General Data Protection Regulation (GDPR).

Notably, Article5(1)b of the GDPR contains the “purpose limitation” principle, which requires organizations to only collect people’s personal data for specified, explicit and legitimate uses and refrain from using this information in a manner that is incompatible with the specified purpose.

Google’s a Black Box

However, Brave’s Dr. Johnny Ryan has made it clear that Google does not operate in line with the requirements of the GDPR purpose limitation principle, as it collects personal data of everyone through its numerous products on the Internet, including YouTube and Gmail and uses it for various unspecified purposes.

Dr. Ryan said:

“But merely having everyone’s personal data does not mean Google is allowed to use that data across its entire business, for whatever purposes it wants. Rather, it has to seek a legal basis for each specific purpose, and be transparent about them.”

Dr. Ryan further notes that evidence collected by the Brave team has shown that Google reuses people’s personal data across all its businesses in an unlawful manner.

“New evidence reveals that Google reuses our personal data between its businesses and products in bewildering ways that infringe the purpose limitation principle. Google’s internal data free-for-all- infringes the GDPR,” he added.

Interestingly, the Brave team has hinted that Dr. Ryan tried finding out the exact purpose Google uses his personal data for. However, for six months, the tech giant could not provide answers to the question.

Now, Dr. Ryan has filed a formal complaint with the Irish Data Protection Commission, which functions as Google’s lead GDPR enforcer in Europe.

Also, Brave has sent a letter to the European Commission, German Bundeskartellamt, UK Competition & Markets Authority, French Autorite de la concurrence, and the Irish Competition and Consumer Protection Commission and the firm has made it clear that it may drag Google to court if none of these regulators takes the necessary action.

Brave says it’s also releasing a study titled “Inside the Black Box,” which examines numerous documents drafted for Google’s business clients, partners, developers, and users. Brave says the study proves that “Google collects personal data from integrations with websites, apps, and operating systems, for hundreds of ill-defined processing purposes.”