Europe's General Data Protection Regulation (GDPR) is more than a scheme to add another pop-up to every site you visit. It's a framework of regulations that govern how companies can use the data collected about people online. As perhaps the largest handler of personal data online, Google would inevitably face GDPR inquiries. Today, the Irish Data Protection Commissioner (DPC) has initiated the first GDPR investigation of Google, probing whether or not it misused data in order to target advertising.
The inquiry comes after several complaints to the DPC, including from the makers of Brave Browser. Brave alleges Google and other companies don't follow GDPR rules when they transmit personal data to other entities. Google's European HQ is in Ireland, so it's up to the Irish DPC to assess the claims under section 110 of the GDPR.
Google says it will cooperate fully with the DPC investigation, and it already has strong privacy controls. If the DPC finds Google violated the law, it could find itself with a steep fine up to 4% of its global revenue. This is something of a test case, too. Google and other online advertisers might be forced to change the way they use personal data in ads if the investigation goes badly.