Privacy Woes: Google’s “Location History” Settlement
It all speaks to scale: the attorney generals of 40 states within the US clubbing together to charge Google for misleading users. On this occasion, the conduct focused on making users assume they had turned off the location tracking function on their accounts even as the company continued harvesting data about them.
The $391.5 billion settlement was spearheaded by Oregon Attorney General Ellen Rosenblum and Nebraska Attorney General Doug Petersen. “For years Google has prioritized profit over their users’ privacy,” stated Rosenblum. “They have been crafty and deceptive. Consumers thought they had turned off their location tracking features on Google, but the company continued to secretly record their movements and use that information for advertisers.”
The investigation was prompted by revelations in a 2018 Associated Press article “that many Google services on Android devices and iPhones store your location data even when you’ve used a privacy setting that says it will prevent Google from doing so.”
Despite Google’s claim that the Location History function could be turned off at any time, thereby not storing the data, the report found this assertion to be false. “Even with Location History paused, some Google apps automatically store time-stamped location data without asking. (It’s possible, though laborious, to delete it.)” As Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission’s enforcement bureau reasoned, “If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off.”
What the company failed to explain was that another account setting, the Web & App Activity, was automatically switched on the setting up of a Google account, irrespective of activating the “off” function in Location History.
Google’s explanation at the time proved typically unpersuasive. “There are a number of different ways that Google may use location to improve people’s experience, including: Location History, Web and App Activity, and through device-level Location Services,” a company spokesperson said in a statement to AP. “We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time.”
Since then, the company’s misleading approach to location data has been found wanting by the Australian Federal Court. The case, brought against Google by the Australian Competition & Consumer Commission (ACCC), noted that the account setting “Web & App Activity” allowed the tech giant “to collect, store and use personally identifiable location data when it was turned on, and that setting turned on by default.”
Last month, the Arizona Attorney General Mark Brnovich entered an $85 million settlement with Google for allegedly using “deceptive and unfair” practices regarding location tracking. It was the outcome of a lawsuit inspired by the Associated Press repot from 2018.
The settlement, the largest internet privacy settlement in US history, makes it clear that Google must make its disclosures on location clearer starting next year. Additional information for users must be made whenever a location-related account setting is “on” or “off”. Tracking location that is unavoidably gathered must be made clear, along with the types of location data Google collects and that data is used “at an enhanced ‘Location Technologies’ webpage.”
It also signals the growing scrutinising role played by states in the US unhappy with lax federal approaches to Silicon Valley. The state of Oregon, to cite an example, set up a dedicated Consumer Privacy Task Force in 2019, and consumer data privacy legislation is promised for the 2023 legislative session. Privacy breaches is one of a number of areas of focus, including harmful speech, illegal labour practices and antitrust violations.
In response to the settlement, Google spokesperson José Castañeda did what those of his ilk do: minimise the conduct, and cloak it in inoffensive garble. “Consistent with improvements we’ve made in recent years, we have settled this investigation, which was based on outdated product policies that we changed years ago.”
The entire profit-making premise of most big tech companies lies in using personal data. It’s the digital world’s fossil fuel, buried in unmolested reserves – till they are extracted. Location data is, to that end, invaluable, being, the Oregon Department of Justice notes, “among the most sensitive and valuable personal information Google collects.” A limited amount of location data is sufficient to “expose a person’s identity and routines and can be used to infer personal details.”
The ignorant and those labouring under the false assumption they have consented to the exercise are merely told they are dealing with products of sophistication. It’s all about the experience, and such abstract notions as privacy are duly treated as old hat and tat.
Millions have been expended by tech giants via their platoons of lobbyists to battle the trend towards greater privacy protections, notably those blowing in stern judgment from the European Union. Key targets have been the EU’s Digital Markets Act (DMA) and Digital Services Act (DSA), notably in the areas of surveillance advertising and access to platform data. The intent here, as Natasha Lomas writes, is one of “shielding their processes and business models from measures that could weaken their market power.”
According to lobbying documents obtained by Corporate Europe Observatory and Global Witness via freedom of information applications, the tech behemoths expended $30 million alone in 2020.
The Google Settlement may well be the largest of its type in the United States, but it hardly gets away from the central premise of why such companies exist. Apple has been particularly keen to throw cash at the effort. The lobby tally bill is striking: 3.5 million euros in 2020, followed by 6.5 million euros in 2021. The runner-up so happens to be Facebook (Meta), which added half a million euros to its EU lobbying budget for 2021. The previous year, the total was 5.5 million euros.
Such efforts show that the lawmakers within the United States and beyond can hardly afford to be too self-congratulatory. The battle is very much in progress, and Google, while bruised, is hardly defeated.
Dr. Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He currently lectures at RMIT University. Email: bkampmark@gmail.com