Internet browser firm Brave said Wednesday that it discovered how Google works around GDPR (the EU’s information privacy regulation) to assist its advertising companions in identifying European internet users. Following the company, which provides its privacy-centered web browser, Google uses Push Pages that include unique identifiers to share info with its companions. Those pages seem like explicitly made for figuring out web users; they don’t have any other function.
This isn’t the first time Brave ruined allegations of GDPR violations against Google. The corporate told the UK Information Commissioner and Irish Data Protection Commission (DPC) in September last year that Google’s advertising methods were a “massive and ongoing data theft that impacts nearly every person on the web.” The disclosure of these Push Pages is supposed to help back those claims.
Brave stated the Push Pages rely on a “code of nearly 2,000 characters, which Google adds at the end to uniquely determine the person that Google is sharing details about” and which can be used at the side of other identifiers, like browser cookies. This makes it simpler for Google’s companions to connect data about website users and traffic even if they don’t seem to be technically being given their real identity.
The Push Pages do not appear to serve another purpose. Brave said they’re by no means visible to users, and even when someone enters their URL to visit them straight, they do not show any content material.
Google responded, saying, “We don’t serve personalized advertisements or send bid requests to bidders without user permission. The Irish DPC — as Google’s lead DPA — and the UK ICO are already looking into real-time request to assess its willingness with GDPR. We welcome that work and are co-operating in full.”