Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label EU Digital Markets Act. Show all posts

Italy Investigates Google for Unfair Practices in Obtaining User Consent for Ad Profiling

 

Italy’s competition and consumer watchdog has launched an investigation into Google's methods for obtaining user consent to link activity across its various services for ad profiling, suspecting the tech giant of “unfair commercial practices.”

The focus is on how Google secures consent from users in the European Union to link their activities across platforms such as Google Search, YouTube, Chrome, and Maps. This linking allows Google to profile users for targeted advertising, which is a significant revenue source for the company.

In response to the Italian AGCM’s probe, a Google spokesperson told TechCrunch, “We will analyze the details of this case and will work cooperatively with the Authority.”

Since March, Google has been subject to the EU’s Digital Markets Act (DMA), which applies across the European Union, including Italy. The DMA requires gatekeepers like Google, Meta, X, Amazon, ByteDance, and Microsoft to obtain explicit consent before processing users' personal data for advertising or combining data across services. The AGCM’s investigation seems focused on this requirement.

The AGCM stated that Google's request for consent might be a “misleading and aggressive commercial practice.” It noted that the information provided by Google appears inadequate, incomplete, and could influence users' decisions regarding consent.

Interestingly, this investigation by the Italian authority diverges from the usual enforcement led by the European Commission (EC) against such gatekeepers. The EC's current DMA investigation of Google does not address consent for linking user data. Still, it focuses on other issues like self-preferencing in Google search and anti-steering in Google Play.

The Italian watchdog appears to be addressing a gap in the EC’s enforcement efforts. A Commission spokesperson acknowledged the AGCM investigation, noting it complements the DMA enforcement work and that gatekeepers must also comply with other relevant EU and national rules, including consumer and data protection laws.

In its press release, the AGCM expressed concerns that Google’s consent request lacks the necessary information for users to make an informed choice. It indicated that Google might not be transparent about the impact of linking user accounts or the extent to which users can limit consent to specific services.

The DMA mandates that consent for linking accounts for advertising purposes must meet the standards of the General Data Protection Regulation (GDPR), requiring consent to be “freely given, specific, informed, and unambiguous.” The GDPR also dictates that consent requests must be clear, accessible, and distinct from other matters.

Typically, data protection authorities enforce GDPR standards, but the DMA’s reference to GDPR consent standards has led to the AGCM scrutinizing Google’s consent flow. The AGCM is not only concerned with the information provided but also with how Google asks for consent, suspecting that the methods used may undermine user choice.

The watchdog believes Google’s consent flow might manipulate users into agreeing to link their accounts, potentially using “dark patterns”—designs that deceive or coerce users. The EU’s increasing regulation of digital platforms aims to address such manipulative tactics.

The DMA's reference to GDPR standards and the Digital Services Act (DSA) banning deceptive design practices enhance regulatory scrutiny over these choice flows. Recently, the EU’s first preliminary findings under the DSA revealed that the blue check system on X (formerly Twitter) might be an illegal dark pattern.