Google is under fire from both legal teams and activists after reports emerged that the technology giant tracked customers’ movements, even when they opt out.
The company has been slapped by a lawsuit, filed in the federal court last week out of California, alleging that Google is violating both California’s Constitutional Right to Privacy as well as California’s Invasion of Privacy Act. Similarly, activists on Friday wrote a letter to the Federal Trade Commission saying the act violates an 2011 FTC privacy settlement with Google.
Google’s latest privacy woes comes days after an Associated Press report claimed that the Google services prevalent on both Android and iOS phones – including Google Maps – store location data via the Location History feature, even when device users opting out.
San Francisco resident Napoleon Patacsil, who filed the complaint, said that since 2016, he has been attempting to limit Google’s tracking of his location by turning varying app Location History storage option off on his iPhone.
“Google expressly represented to users of its operating system and app that the activation of certain settings will prevent the tracking of users’ geolocations. This representation was false,” the class-action complaint said. “Despite users’ attempts to protect their location privacy, Google collects and stores users’ location data.”
Reports said that even when users disable their Location History feature in their settings for Google services, certain apps will still automatically store private location data, time-stamped, without asking.
The impacted apps serve various functions. They enable users to perform searchers, access Google maps or check the weather. Google will track locations on the apps to develop customized services, local search and for the purpose of advertising opportunities, the report said.
Patacsil for his part said this violates the California Invasion of Privacy Act, which mandates that individuals have the right to maintain certain privacy safeguards in their telephone-based communications.
“The Google suit is a watershed event — no matter the outcome — and ‘information privacy’ and ‘informed consent’ will now be part of the public conversation,” Todd Shollenbarger, chief global strategist at Veridium, told Threatpost. “Granting class action status will be the only way to genuinely explore the full range of data that is being collected, which could then be used to shape public policy and the regulatory framework governing privacy going forward.”
Similarly, activists with the Electronic Privacy Information Center (EPIC) on Friday wrote a letter to the FTC harshly criticizing Google’s tracking features. The letter said that Google’s Location History tracking feature violates the its 2011 settlement with the FTC after Google was charged with using deceptive privacy tactics around its social network, Google Buzz.
The letter also stressed that Google has not ended its location-tracking features since the AP report – rather, it has only tweaked its policies.
“Instead of ending the practice, Google simply reviewed its policy so that it could continue to track internet users,” said the letter. “This clearly violates Google’s 2011 settlement with the FTC. Google is not permitted to track users after they have made clear in their privacy settings that they do not want to be tracked.”
In a prepared statement to Threatpost, Google defended its tracking features: “Location History is a Google product that is entirely opt-in, and users have the controls to edit, delete or turn it off at any time. As the story notes, we make sure Location History users know that when they disable the product, we continue to use location to improve the Google experience when they do things like perform a Google search or use Google for driving directions.”
Google did not respond to further request for comment regarding the lawsuit.
“It’s disingenuous and misleading to have a toggle switch that does not completely work,” said Jesse Victors, software security consultant at Synopsys, in an email. “When Google builds a control into Android and then does not honor it, there is a strong potential for abuse.”
Google has been under fire along with other companies like Facebook over the past year for how it collects and uses data.
In June, the Norwegian Consumer Council said in an in-depth report that providers like Facebook and Google are embedding “dark patterns,” or exploitative design choices, into their interfaces — all in an effort to prompt users to share as much data as possible. For instance, when attempting to opt out of personalized advertising in Google’s GDPR popup, users were told that they will lose the ability to block or mute some ads, the report said.
