Will ‘secret web pages’ land Google in hot water with the EU?

Google has again been criticised for its data practices following the discovery of “secret web pages” that provide advertisers with additional information about user activity.

An investigation by privacy-focused web browser Brave found that Google created “hidden” profiles for its users that contained information about their browsing habits, TechRadar reports.

The information would then be passed on to advertisers, resulting in users being “subjected to targeted adverts”, the tech site says.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Johnny Ryan, Brave’s chief policy officer and the investigation’s leader, submitted the findings to Ireland’s data regulator, which oversees Google’s European operations, accusing the search giant of “exploiting personal data without sufficient control or concern over data protection”, the Financial Times reports.

A Google spokesperson told the FT that the company had not seen the information discovered by Ryan and that it was co-operating with investigations in Ireland and Britain over the firm’s advertising practices.

“We do not serve personalised ads or send bid requests to bidders without user consent,” the spokesperson said.

The discovery means that Google could again find itself in trouble with the European Union over data protection.

In January, the tech firm was fined €50m (£44.8m) by French data regulator CNIL for not providing web users with sufficient information about how their personal data would be processed.

How did Google create the ‘secret web pages’?

Ryan discovered that Google’s Authorised Buyers advertising system, formerly known as DoubleClick, was creating hidden web pages with a “unique address” that “acted as an identifier” bespoke to him, the BBC reports.

The “so-called pseudonymous marker” can help monitor user browsing habits when combined with cookies, a “small piece of code” embedded in a site that tracks user activity on the web, the broadcaster notes.

While user tracking is commonplace on the internet, site owners must seek the permission of its visitors to activate cookies. The issue with Google’s hidden web pages, however, is that users were not given the option to consent to their web activity being tracked.

Ad firms claim the data collected through Google’s Authorised Buyers system is anonymised, but Ryan argues that the information is so detailed that it’s possible for companies to match it with an individual, The Times reports.

Ryan told the FT that the practice is “hidden in two ways: the most basic way is that Google creates a page that the user never sees, it’s blank, has no content, but allows … third parties to snoop on the user and the user is none the wiser.”

He added: “If I consulted my browser log, I wouldn’t have had an idea either.”

So is Google in hot water with the EU again?

Possibly. According to Ryan, the EU’s General Data Protection Regulation (GDPR) prohibits companies from processing “any personal data unless you adequately protect it”, The Times reports.

“There is no protection”, he said of Google’s ad pages. “It’s a data free-for-all.”

Google, however, is “perfectly open” about its advertising system and argues that it’s an “industry-wide practice”, the BBC says.

Ultimately, though, it’s up to the Irish Data Protection Commission and the UK’s Information Commissioner’s Office to determine whether Google has breached GDPR rules.