Crypto-Powered Brave Browser Files GDPR Complaint Against Google

The cryptocurrency-powered Brave browser has filed a formal complaint against Google over the General Data Protection Regulation (GDPR) in Europe.

According to an announcement published by Brave, the tech giant has been infringing Article 5(1)b of the GDPR, which sets the principle of “purpose limitation.” Essentially, the principle states that when an organization collects data on a user, said data should be used for specific, explicit purposes. It reads:

Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes…

In its complaint, filed with the lead GDPR regulator in Europe, the Irish Data Protection Commission, Brave argues Google collects data from its various products and reuses it between them “in bewildering ways that infringe the purpose limitation principle.”

In the announcement Brave details that for six months Dr. Johnny Ryan, its Chief Policy & Industry Relations Officer, asked Google what it was doing with its data, but claimed the tech giant “refused to properly engage with the question” after “several rounds of correspondence.” Dr. Ryan was quoted as saying:

Google has personal data about everyone. It collects this from products like YouTube and Gmail, and many other Google products that operate behind the scenes across the Internet. But merely having everyone’s personal data does not mean Google is allowed to use that data across its entire business, for whatever purposes it wants.

Along with the announcement, Brave released a study titled “Inside the Black Box” that goes into documentation written for Google’s business clients and partners. It reveals Google “collects personal data from integrations with websites, apps, and operating systems, for hundreds ill-defined processing purposes.”

Per Brave, Google cross-uses the data it acquires from websites, apps, and operating systems to “create a cascading monopoly,” that it then protects “by erecting cross-market barriers to entry, and foreclosing nascent competitors.”

Enforcing the GDPR would reportedly mean Google would no longer be able to automatically opt users into all of its products, and would give users more control over their data by giving them the ability to withdraw consent from it being used for specific products within Google.

It’s worth noting the Brave browser is competing with Google with its own advertising system, powered by the Basic Attention Token (BAT). It rewards users for seeing privacy-respecting ads they opt-in to see, and lets them reward content creators with the BAT they earn.

Featured image by Andrew Neel on Unsplash.