Irish Data Protection investigates Google over Ad Exchange

The Data Protection Commission in Ireland is investigating the way in which Google offers ad services throughout the EU.

The Irish regulator is aiming to find out if the methodology the tech giant employs when using personal data to target advertising online falls within the rules set by the EU’s General Data Protection Regulation (GDPR).

Google’s system, called Ad Exchanged helps companies ensure their ad campaigns get seen and heard by the right consumer groups in cyber space.

If found in violation of standards stipulated by the GDPR, the Irish Data Protection Commission (IDPC) could issue the search engine with a fine of up to 4% of its global annual turnover.

Speaking to the BBC, IDPC spokesman Graham Doyle, said:

“The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR).”

In response, Google said:

“We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding. Authorised buyers using our systems are subject to stringent policies and standards.”

California-based Google was fined €50 million ($55m; £44) by French regulator CNIL earlier in 2019 for a “lack of transparency, inadequate information and lack of valid consent regarding ads personalization”, a ruling that Google is appealing against.

A number of the US tech giants have their European headquarters in Ireland, including Google, Intel, Boston Scientific, Dell, Pfizer, Hewlett Packard and Facebook. The data privacy compliance of these organisations’ activities in Europe is taken care of by Irish watchdog, the Data Protection Commission.

Earlier in May, the IDPC described how it currently has 51 major probes in progress. Seventeen of these investigations concern the processes employed by companies such as Twitter, LinkedIn, and Apple, while other investigations are underway into Facebook and its subsidiaries, Instagram and WhatsApp.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.