Millions of Google users may have had their online browsing habits secretly tracked and passed on to advertisers, new reports have claimed.
An investigation by privacy-focused browser Brave found that Google used hidden secret web pages to collect user data and create profiles that would let users be subjected to targeted adverts.
The evidence is now being reviewed by the Irish data regulator, with a potential GDPR fine on the way if Google is found to have broken data protection laws. The company is accused of "exploiting personal data without sufficient control or concern over data protection".
- The best browsers 2019: the best ways to get online
- Over 400 million Facebook user phone numbers exposed online
- These are the most popular Google Chrome extensions
The practice was uncovered by Brave's chief policy officer Johnny Ryan, who tracked his personal data and found it was being traded on Google‘s advertising exchange platform Authorized Buyers, formally known as DoubleClick.
According to Ryan, Google had labelled him with an identifying tracker that it fed to third-party companies that logged on to a hidden web page.
Brave then commissioned research with "hundreds of people" recrutied to try and reproduce Ryan's experience, with the company finding that Google's practices did appear to create a secret web page identifier that was unique to each user.
These identifiers, which noted the user's location and time of browsing, were found to have been shared with multiple advertising companies in an attempt to boost the effectiveness of targeted advertising.
In a statement to the Financial Times, Google said it was co-operating with the Irish data regulator in its investigation.
“We do not serve personalised ads or send bid requests to bidders without user consent," the company added.
- Keep your online browsing secure with the best VPN software 2019