Privacy advocates, including an executive with browser company Brave, are telling EU regulators that Google and other ad companies profile consumers based on sensitive information.
The advocates -- who previously alleged that Google and others were violating Europe's GDPR -- said Monday that new evidence “reveals how ad auction companies, including Google, unlawfully profile Internet users’ religious beliefs, ethnicities, diseases, disabilities, and sexual orientation.”
The privacy watchdogs have brought complaints in the UK, Ireland and Poland.
“While it is acceptable for a library to mark an area with the words 'substance abuse,' it would not be acceptable for a library to mark a person who enters that section with those words too,” Brave's Johnny Ryan, Chief Policy & Industry Relations Officer, wrote today in a statement on the browser's website. “But online, these labels about what you read, watch, and listen to online can stick to you for a long time.”
The advocates specifically point to lists of content categories compiled by the Interactive Advertising Bureau's Tech Lab and Google. The advocates say IAB's Tech Lab “content taxonomy” includes the categories “infertility,” “cancer” and “diabetes,” among others.
Google's publisher vertical list includes “sexually transmitted diseases,” “male impotence,” and “substance abuse,” the groups say.
Google's publisher list -- based on content on the page -- is used to serve contextual ads, and to allow advertisers to avoid having ads appear next to content that is considered inappropriate for the brand.
The company says it doesn't create profiles of users based on sensitive data, or allow advertisers to target people based on sensitive categories including race, sexual orientation, health conditions and pregnancy status.
“If we found ads on any of our platforms that were violating our policies and attempting to use sensitive interest categories to target ads to users, we would take immediate action,” a Google spokesperson states.
The industry group adds that its protocols -- including its content taxonomy and OpenRTB -- aren't subject to Europe's GDPR.
“OpenRTB, as with HTTP or Wi-Fi, is a protocol that companies across the world can choose to use pursuant to applicable laws, regulations, and consumer preferences,” the group says.