On November 14, Google announced that it will no longer give information about the type of page, website, or app to advertisers where their ad could appear. Google uses Real-Time Bidding (RTB), an advertising technology that allows companies and publishers to sell online ad impressions in real time, which can fund a variety of online content. It also uses programmatic advertising, which has allowed Google to have the majority of online ads bought and sold with machines.
Google stated that it has previously taken measures to protect user privacy, such as requiring users to consent to individualized ads from advertisers and data minimization when it is shared in the RTB requests, such as truncated IP addresses and resettable user IDs. Google announced that it will now do more to protect user privacy.
Starting in February 2020, Google will no longer include contextual content categories in the bid requests sent to buyers participating in the RTB auctions. Content categories describe the type of content on a specific page, website, or app; for example, news or weather. It is designed to help advertisers understand the type of webpage their ad may appear on. This helps ads to be placed on suitable sites. The content category policy resulted from an incident in 2017 where Google almost lost big clients after their ads ran on extremist Youtube videos.
Further, the change will help prevent advertisers from using Google services to build user profiles; ad buyers will not be able to associate individual ad identifiers with contextual content categories. Google stated it will update the EU User Consent Policy and audits for the Authorized Buyers program.
Others feel that Google is not doing enough to protect user privacy. “Google will still broadcast ‘bid requests’ that detail what you are watching, reading, or listening to to countless companies,” said Johnny Ryan, chief policy officer at Brave Software Inc., which makes an ad-blocking browser. “These bid requests will include information about where you are, and enough data to link things about over time.”
The change in user data privacy policy came after an investigation by European regulators. Google is currently being investigated by its lead regulator in the EU, the Irish Data Protection Commission, for Google’s data protection practices with Authorized Buyers. This probe could test the data-driven model the online ad industry uses. The probe is trying to determine if Google’s practices are in line with the EU’s strict privacy laws, the EU General Data Protection Regulation (GDPR), that mandate transparency and minimal data collection. It will look at if each stage of the advertising transaction is in compliance with GDPR. GDPR is designed to provide users to have greater control of their data that companies have about them. “Under the EU’s General Data Protection Regulation (GDPR), regulators have the power to impose fines for violations of up to 4% of a company’s global revenue or 20 million euros, whichever is higher.” While these laws only apply to European users, due to the global nature of the internet, users and online services around the world are affected by company adjustments to regulation. These new changes in Google’s data privacy could be a preemptive measure. The investigation came after a complaint from Brave, a private web browser, of a massive and ongoing user data and privacy breach.
“Every time a person visits a website and is shown a ‘behavioural’ ad on a website, intimate personal data that describes each visitor, and what they are watching online, is broadcast to tens or hundreds of companies,” Ryan explained in a post. “A data breach occurs because this broadcast, known as a ‘bid request’ in the online industry, fails to protect these intimate data against unauthorized access.”