Google is planning to limit advertisers’ access to personal data to address user privacy concerns in a move criticised by online ad agencies as self-serving for the powerful search group.
The US tech company will from next February stop advertisers from viewing information that breaks down the content of an app or web page — ranging from music to sensitive topics such as drug abuse — when they bid for display adverts.
The decision comes after an FT investigation that found some of the UK’s most popular health websites have been sharing sensitive data, including medical symptoms and diagnoses, with companies including Google. The search company’s advertising arm, DoubleClick, was a destination for data from 78 per cent of the top 100 health websites.
Chetna Bindra, a member of Google’s user trust and privacy team, said it had decided to remove the information after discussions with data protection regulators. She said the change would stop advertisers from tying sensitive categories — such as religion, politics and sexual orientation — to individual users.
The change would “help avoid the risk that any participant in our auctions is able to associate individual ad identifiers with Google’s contextual content categories”, Ms Bindra said.
Advertisers and publishers said the move could increase Google’s control over user data and further entrench its dominance in online advertising.
Big tech and personal data
See below more coverage of the evolving relationship between tech companies and consumers’ personal information
Health websites are sharing sensitive data with advertisers
FT investigation reveals symptoms and drug names shared with hundreds of third parties
Apple launches research app in bid to gather users’ health data
Company hopes millions of users will opt in for array of medical studies
Google in talks to move into banking
Group’s interest comes after steps by Apple and Facebook into financial services
Jason Kint, chief executive of Digital Content Next, a US trade association for online publishers, pointed out that without third-party data about users, the value of “first-party” data, which is directly entered by users into websites, would rise to advertisers.
“This decision will at least enhance value of first-party data and Google Search is the most dominant place for first-party data, so it will hurt everyone except Google,” he said. “No company tracks the public across the web and our digital lives more than Google.”
Ireland’s data protection authority is investigating Google’s online advertising exchange, known as Authorized Buyers, which sits at the centre of the bidding process for online ads. Following complaints from Brave, a browser company, the regulator is looking into whether Google’s online advertising exchange illegally taps into sensitive personal information about internet users.
Johnny Ryan, chief policy officer at Brave, said Google’s change was insufficient to protect the privacy of users. “It appears Google will still broadcast bid requests that contain things like URL, approximate location and data to link these over time, to countless companies, billions of times a day. These data contain personal and special category data so this appears to be a cosmetic change,” he said.
While the revisions reflect the increasing regulatory scrutiny of data transfers, senior figures at ad agencies say Google’s tighter grip over data will potentially drive more business to its search advertising arm. One advertising chief executive said a restriction of data would simply mean “more power to Google”. Two other big advertisers said, however, that the move was probably aimed at reducing Google’s regulatory risk.
Get alerts on Cyber Security when a new story is published