Google is facing another GDPR-led inquiry into its advertising business after Ireland’s data protection watchdog began an investigation.
Ireland’s Data Protection Commission has launched a probe into Google Ad Exchange’s processing of personal data.
"The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation," the DPC said in a statement.
The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined, the watchdog added.
Google Ad Exchange allows brands to target people with ads based on data that Google has about them. Users will see different ads on the same website, depending on what data is held.
If found guilty, it would be the second time that a European regulator has taken action against Google for falling foul of GDPR, which came into force almost one year ago.
In January, French regulator CNIL fined Google €50 million (US$56 million) for improperly obtaining consent over personalised ads. Google had failed, CNIL ruled, to make users properly aware of how their data was being used across different Google services when they "accept" terms and conditions for using a single app, such as YouTube or Maps.
Under GDPR, a company can be fined up to 4% of its global turnover. Google earned $138.6 billion in revenue in 2018, meaning it could be fined up to $5.5 billion.