Australia’s competition and consumer rights watchdog — Australian Competition & Consumer Commission — on July 26, sued Google for allegedly “misleading” “millions of Australians” to collect “potentially sensitive and private” browsing history of its users, without people’s informed consent. It said that the company did not gain explicit consent from users, about its move in 2016 to start combining personal information in consumers’ Google accounts with information about those individuals’ activities on non-Google sites that used Google technology, formerly DoubleClick technology, to display ads.

“This meant this data about users’ non-Google online activity became linked to their names and other identifying information held by Google. Previously, this information had been kept separately from users’ Google accounts, meaning the data was not linked to an individual user.Google then used this newly combined information to improve the commercial performance of its advertising businesses,” the regulator said in a statement. It also alleged that Google misled consumers about a related change to its privacy policy.

“We are taking this action because we consider Google misled Australian consumers about what it planned to do with large amounts of their personal information, including internet activity on websites not connected to Google,” ACCC Chair Rod Sims said. “The use of this new combined information allowed Google to increase significantly the value of its advertising products, from which it generated much higher profits. The ACCC considers that consumers effectively pay for Google’s services with their data, so this change introduced by Google increased the “price” of Google’s services, without consumers’ knowledge,” Sims said.

Users allegedly misled over what the “I Agree” button meant: From 28 June 2016 to at least December 2018, Google account holders were prompted to click “I agree” to a pop-up notification from Google explaining how it planned to expand the use of personal data in order to gain consent, ACCC said. After June 2016, when consumers clicked on the “I agree” notification, Google began to collect and store a much wider range of personally identifiable information about the online activities of Google account holders, including their use of third-party sites and apps not owned by Google, it alleged.

It further said that the “I Agree” button was misleading because consumers could not have properly understood the changes Google was making nor how their data would be used, and so did not – and could not – give informed consent. “We believe that many consumers, if given an informed choice, may have refused Google permission to combine and use such a wide array of their personal information for Google’s own financial benefit,” Sims said.

‘Changes to privacy policy were misleading’: The regulator also questioned a change in Google’s privacy policy made in June 2016, essentially stating that users’ activities on other sites could be used by the company to target ads at them. While making this change, Google had allegedly also stated that it will “not reduce your [users’] rights” without their explicit consent.

However, the ACCC said that Google did not in fact obtain consumers’ explicit consent for this change to the privacy policy, and that Google’s statement that it would not reduce consumers’ rights without their explicit consent was therefore misleading.

Google is also facing a separate ongoing privacy lawsuit filed by the ACCC over how it uses users’ location data. It has accusing Google of not informing users, for almost 2 years, about the settings they had to switch off for it to not keep their information, and that it misled users about how it collected and used their location data.

Also read: