Austria/noyb v. Google Chrome

<aside> ✍🏼 Summary

</aside>

noyb has filed a complaint with the Austrian data protection authority against Google Chrome for violating the GDPR. The claim focuses on misleading and trick design, which gives a consumer no way of knowing they are actually consenting to Google processing their data for targeted ads.

In September 2023, Google said it would phase out third-party cookies from its Chrome browser. They introduced a “Privacy Sandbox”, which is meant to replace third-parties from tracking your activity with cookies. It’s offered as an ad privacy feature, but in reality, it is just Google doing the tracking in Chrome instead of the third parties.

When it comes up as an option in the EU, users can choose between turning on the ad privacy feature or saying no thanks. Google argued that this counted as consent, but by turning it on (based on the misleading information), you accept Google’s tracking while thinking you are just turning off third-party tracking.

noyb claims Google is going to an extreme level with dark patterns here, by lying outright to consumers instead of just using trick UI. “The only logical way to interpret the Privacy Sandbox pop-up shown to users is to think that Google Chrome is now starting to (technically) protect them from ad tracking. This message was even reinforced by the repeated use of words like ‘protect’, ‘limit’ and ‘privacy features’, accompanied by misleading imagery.”

Google’s main argument is that the new option is less invasive, which implies in itself that it’s still invasive.

Under the new system, Chrome now tracks every website you visit to generate a list of advertising topics. These include “Student Loans & College Financing”, “Undergarments” or “Parenting”, “Jobs & Education” and “Finance/Credit & Lending/Credit Reporting & Monitoring”. Advertisers then receive this information from the Chrome browser.

<aside> 💸 Sanctions

</aside>

<aside> 💬 Quotes

</aside>

Max Schrems, Honorary Chairman of noyb: “Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google’s first-party ad tracking. Consent has to be informed, transparent and fair to be legal. Google has done the exact opposite.”

Max Schrems: “If you merely steal less money from people than another thief, you can’t call yourself a ‘wealth protection agent’. But that is basically what Google is doing here.”

Max Schrems: “People are increasingly critical of the fact that big tech companies are making billions from invasive ad tracking technologies. Instead of actually improving the situation, Google is responding with a kind of unlawful ‘privacy washing’ by introducing a new tracking system.”

<aside> 📰 Post Text

</aside>

The organization noyb has filed a complaint against Google with the Austrian data protection authority, alleging violation of the GDPR. The complaint focuses on Google's "Privacy Sandbox" feature in its Chrome browser, which was introduced as a protection for third-party cookies. Noyb argues that this feature, presented as an ad privacy tool, is misleading as it allows Google to track user activity through dark patterns. Google's defense is that this new system is less invasive, despite still being invasive.