European Consumer groups accuse Google of tracking its users’ location, calls it a breach of GDPR

Just when Google is facing large walkouts and protests against its policies, another consumer group has lodged a complaint against Google’s user tracking. According to a report published by the European Consumer Organisation (BEUC), Google is using various methods to encourage users to enable the settings ‘location history’ and ‘web and app activity’ which are integrated into all Google user accounts. They allege that Google is using these features to facilitate targeted advertising. BEUC and its members including those from the Czech Republic, Greece, Norway, Slovenia, and Sweden argue that what Google is doing is in breach of the GDPR.

Per the report, BEUC says “We argue that consumers are deceived into being tracked when they use Google services. This happens through a variety of techniques, including withholding or hiding information, deceptive design practices, and bundling of services. We argue that these practices are unethical, and that they in our opinion are in breach of European data protection legislation because they fail to fulfill the conditions for lawful data processing.”

Android users are generally unaware of the fact that their Location History
or Web & App Activity is enabled. Google uses a variety of dark patterns,
to collect the exact location of the user, including the latitude (e.g. floor of the building) and mode of transportation, both outside and inside, to serve targeted advertising.
Moreover, there is no real option to turn off Location History, only to pause it.
Even if the user has kept Location History disabled, their location will still be shared with Google through Web & App Activity.

“If you pause Location history, we make clear that — depending on your individual phone and app settings — we might still collect and use location data to improve your Google experience.” said a Google spokesman to Reuters.

“These practices are not compliant with the General Data Protection Regulation (GDPR), as Google lacks a valid legal ground for processing the data in question. In particular, the report shows that users’ consent provided under these circumstances is not freely given,” BEUC, speaking on behalf of the countries’ consumer groups, said.

Google claims to have a legitimate interest in serving ads based on personal data, but the fact that location data is collected, and how it is used, is not clearly expressed to the user. BEUC calls out Google saying that the company’s legitimate interest in serving advertising as part of its business model overrides the data subject’s fundamental right to privacy. BEUC argues that in light of how Web & App Activity is presented to users, the interests of the data subject should take precedence.

Reuters asked for comment on the consumer groups’ complaints to a Google spokesman. According to them, “Location History is turned off by default, and you can edit, delete, or pause it at any time. If it’s on, it helps to improve services like predicted traffic on your commute. We’re constantly working to improve our controls, and we’ll be reading this report closely to see if there are things we can take on board,”.

People are largely supportive of BEUC on the allegations they made on Google.

However, some people feel that it is just another attack on Google. If people voluntarily and most of them knowingly use these services and consent to giving personal information, it should not be a concern for any third party.

“I can’t help but think that there’s some competitors’ money behind these attacks on Google. They provide location services which you can turn off or delete yourself, which is anonymous to anyone else, and there’s no evidence they sell your data (they just anonymously connect you to businesses you search for). Versus carriers which track you without an option to opt-in or out and actually do sell your data to 3rd parties.”

“If the vast majority of customers don’t know arithmetic, then yes, that’s exactly what happened. Laws are a UX problem, not a theory problem. If most of your users end up getting deceived, you can’t say “BUT IT WAS ALL RIGHT THERE IN THE SMALL PRINT, IT’S NOT MY FAULT THEY DIDN’T READ IT!”. Like, this is literally how everything else works.”

Read the full conversation on Hacker news. You may also go through the full “Every step you take” report published by BEUC for more information.

Read Next

Google employees join hands with Amnesty International urging Google to drop Project Dragonfly.

Is Anti-trust regulation coming to Facebook following fake news inquiry made by a global panel in the House of Commons, UK?

Google hints shutting down Google News over EU’s implementation of Article 11 or the “link tax”