Device privacy continues be a top concern this year as consumers start thinking about when, how and why their personal data is collected. Google is the latest technology giant to find itself in hot water around privacy after a new report alleged that Google services track customers’ movements – even when they opt out.
An Associated Press report released Monday claimed that the Google services that are prevalent on both Android and iOS phones – including Google Maps – store location data, despite device users opting out.
The report found that even when users disable their Location History feature in their settings for Google services, some apps will still automatically store location data, time-stamped, without asking.
These apps serve various functions, including enabling users to perform searchers, access Google maps or even check the weather. Google will track locations on the apps to develop customized services, local search, and for the purpose of advertising opportunities, the report said.
Google for its part stressed in a statement to Threatpost today that it lets users know when it will continue tracking them, even when the “Location History” function is disabled: “Location History is a Google product that is entirely opt-in, and users have the controls to edit, delete or turn it off at any time. As the story notes, we make sure Location History users know that when they disable the product, we continue to use location to improve the Google experience when they do things like perform a Google search or use Google for driving directions.”
The Google support page states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored. When you turn off Location History for your Google Account, it’s off for all devices associated with that Google Account…. You can also turn off Location services for a device.”
Google’s privacy dilemma comes on the heels of several other major technology giants coming under fire for how they collect and use personal data. That includes Facebook, which has faced issues after data from its social media platform leaked through a third-party app. In July, Google, Facebook, Microsoft and Twitter also were scrutinized for their prioritization of end user privacy after announcing a standards initiative called the Data Transfer Project (DTP), which enables data portability between cloud platforms.
Privacy experts said that consumers deserve better clarification from large data-chugging vendors like Google about whether their private data is being collected, how it is stored and what purpose it serves.
“Since we’re talking about consumer-level services, the expectation of the consumer for an ‘off switch’ is what matters most,” said Tim Mackey, technology evangelist at Synopsys, in an email. “Users wishing their location be kept private indicate this preference through the ‘Location History’ setting. That any given application might have independent settings for location-related data is how an application developer or vendor approaches the problem. If vendors placed themselves in the shoes of a consumer and respected the setting, managing consent under regulations like GDPR would be simpler and the user’s expectations would be met.”
Todd Shollenbarger, chief global strategist with Veridium, said in an email that users have grown dependent on various so-called “free” services offered by Google and others in exchange for personal data, making it even more difficult to solve the information privacy dilemma.
“As we in the U.S. are beginning to see the emergence of privacy legislation … I think it would behoove us to re-examine the ‘consent’ assumption. It’s just simply wrong,” he said. “The report assumes that privacy self-management (consent) in the context of information privacy is workable — but I don’t believe it is. When it comes to information privacy, we need to start asking a different set of questions, such as: What data may legitimately be collected? What are legitimate uses for data that is collected?”
Users of Google services can check Google’s “My Activity Panel” site to review – and delete – their recorded activity on a point-by-point basis, including the activity that’s logged when Location History is turned off.