Google is contending that European privacy rules don’t apply to its ad networks, and is asking a judge to declare that a court in Belgium does not have the authority to enforce those rules.
Google’s defense has brought both praise and consternation from the European Union, one of the world’s largest technology markets.
Since 2015, consumers in the 28 EU countries have the right to ask Google to delete their information. Specifically, they can ask Google to delete their name, email address, user ID and other information that Google collects about them, including browsing history and search requests.
Google says the British and Belgian privacy regulators tasked with enforcing the rules don’t have the authority to compel Google to obey those laws. Google’s defense was recently filed as part of Belgium’s anti-trust case against Google.
While many European regulators have praised Google’s defense, two European privacy organizations described the move as an “escalating escalation of unlawful practices” and called on the companies involved in the lawsuit to “stop the predatory practices and work together to prevent further harm to consumers.”
The complaint against Google was first filed in 2014 by French nonprofit group La Quadrature du Net. The next year, Belgian privacy regulators joined the complaint.
Google said it “has always believed that French and Belgian privacy law does not apply to our ad services, and this case shows it still does not.”
Google is arguing that European privacy laws don’t apply to ad networks because the data collected by Google’s ad network for ad purposes is outside the EU, Google argues in its defense.
The EU’s General Data Protection Regulation is seen as the most comprehensive update to EU data protection rules in 20 years. The law covers both individual consumers and companies like Google.
Companies cannot ask users to delete information unless they give users “express prior consent” to share the information.
Companies also have to be explicit about how much they are asking users to share. If a company asks a user to share information without informing the user that they are sharing information about search history, it could mean that the consumer has valid notice they are sharing information about their search history.
Google gave Belgian regulators “consultation requests on Google’s ad networks” last September and today’s filing represents the EU’s response.
The European Commission’s data protection service praised Google’s efforts to “work collaboratively with regulators to engage on the evolution of personal data protection in Europe” in a statement.
The Commission has said that Google’s “use of non-personal data, combined with the collection of personally identifiable data, for advertising purposes constitutes a form of profiling, which is also against EU law.”
A company’s aim to be compliant with the law can mean that it will have to ask users to delete at least some information, and be more explicit about what kind of information it is asking for. The Commission has said that it is up to companies to determine what is more secure than advertising.
But Google says that it is legal to collect user data in Europe and use it elsewhere. The company argues that while it collects and uses information for advertising, the information it collects can’t be tied back to someone or anything in the EU.
For example, data has not been collected about users who search for information about “it has its roots in France,” according to Google’s filing. If a user searched on “It has an English name.” Google does collect data, but it is not about “personalité,” the company argues.