Ireland's Data Protection Commission has launched its first major privacy investigation into Google since the European Union's General Data Protection Regulation went into effect last year.

The agency announced Wednesday that it's looking into Google's personalized ad practices under Section 110 of Ireland's Data Protection Act and GDPR, which restricted companies' ability to legally collect, process and share consumers' personal data without consent or a legitimate interest. Companies found to violate GDPR face a maximum fine of 20 million euros or 4% of annual turnover, more than $5 billion for Google.

"The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the [GDPR]," the agency said in a statement. "The GDPR principles of transparency and data minimisation, as well as Google's retention practices, will also be examined."

There have been a "number of submissions" to the commission over Google Ireland's processing of personal data for its "online Ad Exchange" practices, according to the agency.

That includes a formal complaint from Johnny Ryan, the chief policy and industry relations officer at Brave Software, who said in a post Wednesday that Google's ad sale transactions leak "intimate data about the people visiting these websites to thousands of companies every day."

"We will engage fully with the DPC's investigation and welcome the opportunity for further clarification of Europe's data protection rules for real-time bidding," a Google spokesperson said in a statement. "Authorized buyers using our systems are subject to stringent policies and standards."

Irish regulators' probe into Google comes as tech companies face increased scrutiny over data privacy practices, especially around targeted ad sales. The commission, which oversees a number of major U.S. tech companies with offices in Ireland, is also currently investigating Facebook over a breach impacting millions of users disclosed last year.

Helen Dixon, the head of the commission, told U.S. senators this month that her agency plans to wrap up its initial wave of GDPR investigations, 12 of which involve American companies, this summer. American lawmakers have held a series of hearings on a possible U.S. federal privacy law in the wake of GDPR, inviting witnesses such as Dixon to provide input on what's worked in Europe.

Read More: