A mechanism called “Push Pages” would create a unique identifier for each user. It would then be shared with the Authorized Buyers advertising auction customers.
Brave just planted a few more fangs in Google’s calves. In September 2018, its legal director Johnny Ryan and two other people filed a complaint against the computer giant for non-compliance with the RGPD. They felt that its online auction system for advertising placement (DoubleClick / Authorized Buyers) has the effect of collecting personal data from users and dispersing them to client advertising agencies, without the user being informed. .
Johnny Ryan adds a layer to this complaint by revealing a new tracking mechanism previously unknown. It consists of creating a snitch for each user, by loading empty pages called “Push Pages”. These pages, which the user does not see, have URLs that are unique for each user. According to the legal director, this identifier is then shared with different customers of the auction system of Google, which allows them to compare and share their data about this user. And, therefore, to establish his behavioral profile: which pages he visits, when, and so on.
Google would bypass its own protections
According to Brave, this hidden mechanism would bypass safeguards that Google himself had put in place to comply with the regulation RGPD. In April 2018, the web giant had indeed stopped communicating to its customers a number of identifiers related to Internet users, including the “DoubleClick ID”. It allowed users to track users as soon as they ran into an advertisement served by Google.
According to Brave, the “Push Pages” identifier reintroduces this tracking capability and provides new proof of the “toxicity” of real-time advertising auctions. As in September 2018, the publisher sent the technical details of his inquiry to the Irish Data Protection Authority.