Australian regulator files privacy lawsuit against Google over location tracking

The Australian Competition and Consumer Commission (ACCC) has filed a privacy lawsuit against Google, accusing it of not informing users, for almost 2 years, about the settings they had to switch off for it to not keep their information. The regulator said that Google misled users about how it collected and used their location data. The matter is scheduled for a case hearing on November 14, per Reuters report.

Google kept users’ in the dark about what it was doing with their personal data: ACCC’s accusations

ACCC said that Google “collected, kept and used highly sensitive and valuable personal information about consumers’ location without them making an informed choice”.

Turning off “Location History” did not actually turn it off: The ACCC said when people set up their Google accounts on phones and tablets, they would have incorrectly believed that “Location History” was the only setting that affected whether the company was collecting a user’s location data. Whereas, the setting “Web and App Activity” also had to be switched off if users did not want their location data to be collected.

The Australian regulator said, “Google has failed to make clear to the consumers that they would need to change their choices on a separate setting titled “Web and App Activity” to prevent this location tracking.”

By default, the new Google accounts have location history turned off, while web and app activity turned on. However, if the later remained switched on, the company continued to collect personal information including the user’s location through the app, ACCC said.

Google didn’t inform users what it was actually doing with their personal data: ACCC further said that Google misled users by not informing them that their personal data could be used for purposes unrelated to the consumer’s use of its services, such as:

to personalise advertisements for other users;
to infer demographic information;
to measure the performance of advertisements;
to promote, offer to supply or supply advertising services to third parties; and/or
to produce anonymised, aggregated statistics (such as store visit conversions statistics) and share those statistics with advertisers.

The anti-trust regulator accused Google of breaching the Australian Consumer Law (ACL) since January 2017, on account of the above accusations.

It is worth noting that this case is ACCC’s first move against a major digital platform following the publication of the Digital Platforms Inquiry Final Report in July. Interestingly, ACCC had recommended limiting the market dominance of Facebook and Google to promote competition, strengthening the Australian Privacy Act, and giving Australians greater power over how their information is collected and used.

What did Google say? In response to MediaNama query, a Google spokesperson sent the following statement:

“We are currently reviewing the details of these allegations. We continue to engage with the ACCC and intend to defend this matter.”

Big Tech’s repeated run-ins with regulators

In January, a French regulator fined Google $55.5 million for breach of privacy laws under the GDPR rules. The regulator alleged that Google did not get valid user consent to gather data for targeted advertising.
Ireland’s Data Protection Commissioner is investigating Google over a complaint alleging breach of privacy laws.
The Norwegian Consumer Council had published a report which analysed a sample of Google, Facebook and Microsoft Windows privacy settings. The report concluded that these tech firms employ numerous tactics to persuade consumers towards sharing as much data as possible. It also said some aspects of privacy policies can be seen as “dark patterns”.
In Canada, an investigation into how Facebook gets consent for certain data practices by the office of the Privacy Commissioner of Canada was highly criticised. It concluded that Facebook users “had no way of truly knowing what personal information would be disclosed to which app and for what purposes”.