The European consumer protection organization noyb is filing a complaint against Google for "dark patterns".
The European consumer protection organization noyb has filed a complaint against Google, accusing the company of misleading users about the new "Privacy Sandbox" feature in the Chrome browser.
Earlier, in September 2023, Google announced the rejection of third-party cookies used for aggressive tracking of users ' online activities. However, according to noyb, the proposed replacement - "Privacy Sandbox" - actually performs the same tracking, only now the data is managed by Google itself inside the browser.
When you enable the sandbox, users are shown a pop-up window that says "Enable ad privacy". Users in the European Union are asked to choose between "Enable" and "No thanks". Google claims that clicking on the "Enable" button is considered consent to tracking under Article 6 (1) (a) GDPR. In fact, according to noyb, the company concealed the fact that choosing this option will lead to the inclusion of Google's own tracking.
noyb believes that the company specifically develops the wording and interface design in such a way as to maximize the number of consents from users. To do this, Google uses "dark patterns" - clever design decisions that mislead users. A pop-up window with a suggestion to enable "Privacy Sandbox" is written in such a way as to confuse people. Google uses the words "protection, "" restriction," and "privacy" to give the impression that the feature actually protects users.
NOYB Chairman Max Schrems said: "Google simply lied to its users. People thought they were agreeing to the privacy feature, but they were tricked into accepting Google's ad tracking system. Consent must be informed, transparent, and fair in order to be legal. Google did exactly the opposite
Google's main argument is that the new "Privacy Sandbox" is less invasive than third-party tracking systems. While this may be true, it does not mean that Google can act without complying with European data protection laws. Max Schrems noted: "If you just steal less money from people than another thief, you can't call yourself a 'wealth protection agent'. But that's exactly what Google is doing here."
With the help of the Privacy Sandbox, Google tries to fully control the analysis of its users ' online behavior: Chrome tracks all the sites visited and generates lists of interests based on this information, such as "Student Loans", "Underwear" or "Finance". This information is then passed on to advertisers.
Max Schrems noted: "People are increasingly criticizing the fact that big tech companies are making billions from invasive ad tracking technologies. Instead of really improving the situation, Google is responding with a kind of illegal 'privacy cover-up' by introducing a new tracking system."
According to article 4(11) of the GDPR, consent must be "a specific, informed and unambiguous expression of the will of the data subject". Given the extremely misleading pop-up window, the user could not have known that they were actually consenting to the processing of their data for targeted advertising. Instead, he was misled into thinking that Google would protect his personal data. This means that Google has clearly failed to meet the requirements for obtaining free consent under the GDPR.
noyb requires the Austrian Data Protection Authority (DPA) to instruct Google to bring its data processing activities in line with the GDPR, stop processing data collected on the basis of invalid consent, and notify the data recipients of the need to stop processing them. In addition, noyb suggests that the agency impose an effective, proportionate and deterrent fine on Google.
The European consumer protection organization noyb has filed a complaint against Google, accusing the company of misleading users about the new "Privacy Sandbox" feature in the Chrome browser.
Earlier, in September 2023, Google announced the rejection of third-party cookies used for aggressive tracking of users ' online activities. However, according to noyb, the proposed replacement - "Privacy Sandbox" - actually performs the same tracking, only now the data is managed by Google itself inside the browser.
When you enable the sandbox, users are shown a pop-up window that says "Enable ad privacy". Users in the European Union are asked to choose between "Enable" and "No thanks". Google claims that clicking on the "Enable" button is considered consent to tracking under Article 6 (1) (a) GDPR. In fact, according to noyb, the company concealed the fact that choosing this option will lead to the inclusion of Google's own tracking.
noyb believes that the company specifically develops the wording and interface design in such a way as to maximize the number of consents from users. To do this, Google uses "dark patterns" - clever design decisions that mislead users. A pop-up window with a suggestion to enable "Privacy Sandbox" is written in such a way as to confuse people. Google uses the words "protection, "" restriction," and "privacy" to give the impression that the feature actually protects users.
NOYB Chairman Max Schrems said: "Google simply lied to its users. People thought they were agreeing to the privacy feature, but they were tricked into accepting Google's ad tracking system. Consent must be informed, transparent, and fair in order to be legal. Google did exactly the opposite
Google's main argument is that the new "Privacy Sandbox" is less invasive than third-party tracking systems. While this may be true, it does not mean that Google can act without complying with European data protection laws. Max Schrems noted: "If you just steal less money from people than another thief, you can't call yourself a 'wealth protection agent'. But that's exactly what Google is doing here."
With the help of the Privacy Sandbox, Google tries to fully control the analysis of its users ' online behavior: Chrome tracks all the sites visited and generates lists of interests based on this information, such as "Student Loans", "Underwear" or "Finance". This information is then passed on to advertisers.
Max Schrems noted: "People are increasingly criticizing the fact that big tech companies are making billions from invasive ad tracking technologies. Instead of really improving the situation, Google is responding with a kind of illegal 'privacy cover-up' by introducing a new tracking system."
According to article 4(11) of the GDPR, consent must be "a specific, informed and unambiguous expression of the will of the data subject". Given the extremely misleading pop-up window, the user could not have known that they were actually consenting to the processing of their data for targeted advertising. Instead, he was misled into thinking that Google would protect his personal data. This means that Google has clearly failed to meet the requirements for obtaining free consent under the GDPR.
noyb requires the Austrian Data Protection Authority (DPA) to instruct Google to bring its data processing activities in line with the GDPR, stop processing data collected on the basis of invalid consent, and notify the data recipients of the need to stop processing them. In addition, noyb suggests that the agency impose an effective, proportionate and deterrent fine on Google.
