Last year, the European Union adopted the General Data Protection Regulation (GDPR) designed to boost privacy rights in the union. Under this regulation, companies in the EU cannot use a consumer's personal data without informed, explicit consent. A company found to have violated the GDPR can be socked with a fine as large as 4% of the company's prior year global revenue.
With Google's European headquarters based in Ireland, Reuters says that the company is now being investigated for GDPR violations by the Irish Data Protection Commissioner (DPC). The genesis of the complaint is interesting. The developers of an app called Brave Browser were among those claiming that Google is not playing by GDPR rules when it collects personal data for advertisers. When someone using the Browser visits a website, the app's developers state that personal information belonging to the user is sent out to hundreds of companies without the user's knowledge. These companies use this data in order to place bids to place targeted ads
"We will engage fully with the DPC's investigation and welcome the opportunity for further clarification of Europe's data protection rules for real-time bidding. Authorized buyers using our systems are subject to stringent policies and standards."-Google
If Google is found to have violated the GDPR, it could be fined as much as $5.52 billion based on the company's 2018 global revenue of $138 billion. And Google is not the only tech firm under investigation by the DPC. As it turns out, Ireland is where many tech giants hang their hats in Europe and 17 tech firms are under investigation there for possible GDPR violations. Among them are Apple, Twitter, LinkedIn, Facebook and some of its units including WhatsApp.