Google is fined up to $40 million for erroneous location tracking settings on Android

Share your love
Google is fined up to $40 million for erroneous location tracking settings on Android

Google has been fined A$60 millions (around $40 millionor more) in Australia for Android settings it used that dated back five years. The settings were found the 2021 court decision to mislead users regarding the collection of its location data.

The Australian Competition & Consumer Commission (ACCC) started actions in the case of Google along with its Australia subsidiary back in the month of October 2019 and then proceeded to bring this tech company to court over giving misleading statements to consumers regarding the collection and usage of the personal data on Android phones between January 2017 and December 2018.

In April 2021, the court determined that Google violated the Australian Consumer Law when it represented to certain Android customers that its “Location History” setting was the sole Google account setting that could affect the way it stored, collected and utilized personally identifiable information about their location.

However, a different setting — referred to as “Web and Application Activity The setting enabled Google to collect Android users’ locations and it was turned on by default according to the ACCC announced in an ACCC press announcement today. Aka, a traditional dark pattern that is a classic dark. (Actually Google deployed nested dark patterns in plural, as we’ll explain below.)

The authorities estimate that approximately 1.3 million Google accounts in Australia might have seen an image that was deemed to be in violation by the Court to have violated lawful Consumer Law.

“This significant penalty imposed by the Court today sends a strong message to digital platforms and other businesses, large and small, that they must not mislead consumers about how their data is being collected and used,” said ACCC chair Gina Cass Gottlieb in an announcement.

“Google, one of the world’s largest companies, was able to keep the location data collected through the ‘Web & App Activity’ setting and that retained data could be used by Google to target ads to some consumers, even if those consumers had the ‘Location History’ setting turned off.”

“Personal location data is sensitive and important to some consumers, and some of the users who saw the representations may have made different choices about the collection, storage and use of their location data if the misleading representations had not been made by Google,” she said.

According to the ACCC, Google took steps to correct its conduct before December 20, 2018, which meant that consumers across the country were not presented with the misleading ads.

When the decision of the court in the year 2000, Google said it disagreed with the court’s decision and it was contemplating an appeal. However, in the end it was decided to accept the fall.

(These aren’t as painful as they would be if the violations were not so recent (The ACCC observes that the majority of the sanctioned acts was committed prior to September 2018, that is prior to when any maximum penalties for violators in the Consumer Law was substantially increased from $1.1 million per violation to the present -the maximum of $10 million, which is 3x the amount of any benefits obtained or If the value cannot be established 10, 10% of the amount of revenue.)

The Court has also directed Google to ensure that its policies are in compliance with the law, as well as requirements to inform its staff on the nation’s Consumer Law, as well as contributing to the ACCC’s cost.

Google was approached for comment regarding the sanctions. A spokesperson for the company sent us the following statement:

We’re able to confirm that we’ve reached an agreement to settle the issue of historical behavior from 2017-2018. We’ve put a lot of effort into making information about location easy to manage and simple to comprehend using industry-first features like auto-delete control, and have significantly reduced the amount of information stored. We’ve proven it, and we’re committed to delivering continuous updates that allow users control and transparency, all while offering the most useful products that are possible.

Dark patterns in dark patterns

This ACCC announcement contains screen shots of Google alerts to Android users which the court ruled to be deceiving — that includes three different variants of Google’s web and Activity settings screen that are shown to users who are setting up the Google account to their devices that don’t mention the term “location” at all.

However, on one of themthat appeared between April 30 until December 19th, 2018the Google states that the option “saves your searches, Chrome browsing history and activity from sites and apps that use Google services” and then instructing them to keep the option of “save my Web & Activity to my Google account” (aka”opt to be tracked by Google) by recommending: “This gives you better search results, suggestions and personalisation across Google services.” However, nowhere is it explained that users are agreeing to being tracked by location.

If Android users choose to disable “Location History” — i.e. by using a separate setting that didn’t actually disable the location tracking of Google They could receive a confusing pop-up asking users to “Pause Location History?” According to Google explained, warning that their decision could “limit functionality of some Google products over time”.

It’s difficult to determine what the purpose of this particular setting, considering that the setting didn’t allow users to completely block Google from snooping over their location, and so it was primarily meant to spread confusion.

The message is followed by a second unclear line, telling users to “remember, pausing this setting doesn’t delete any previous activity” and directing users to yet another setting in which Google suggests that they “view and manage this information in your Location History map”. This is likely meant to lead users down a shambolic path while drawing their focus away to their Web & Activity settings, where Google has hidden a different setting for tracking location.

Other variations available of the Web & Activity setting which the court ruled were misleading to Android users in the period between the time of early 2017 until late 2018 include one that includes the full five options users could choose to take -the option of a variety of actions evidently designed to trick users into abandoning the “on” setting, as it’s not clear what the other options on the screen is.

“If you have multiple accounts simultaneously certain data could be saved to the default account. Find out more about this on support.domain.com,” runs one notable piece of Google small print without linking the specific URL for the consumer to the page where they could “learn more” (or just quickly find out there’s nothing to be learned and there is certainly not an off switch here).

This small-print section is mostly designed to block users from having to read the real descriptionn that describes this Web & Activity setting’s function — a setting that is set to ‘on’ since this crucial information is concealed beneath it (and above a more prominent tick-box). However, even there, Google isn’t clear It does not mention the word “location” in any way; there’s only a vague mention of “Maps” buried in a list that highlights ‘faster search as well as ‘customized experiences’ in order to convince users to take a stand.

The name of its wildly popular Maps product to represent a the location Google is implying that Android users require this setting in order to be able to use Maps instead of making it clear that the setting relates the ability of Maps to monitor their place of residence.

The same screen of setting additionally contains a pre-ticked checkbox alongside a further text, which says: “Include Chrome browsing history and activity from websites and apps that use Google services” So, Google seems to be separating settings for tracking, which is likely to be an emergency backup in case one of these previously checked settings are not ticked, which means it is able to at least collect information from the other.

There’s another small print that’s tucked under the stale wording “data from this device” that is titled: “Control reporting of App Activity from this device”. But this text isn’t immediately visually connected to any setting that the user can use — therefore anyone looking at it could believe it’s not leading them to a setting and then skip it.

The airgapped text below, toward the lower left of the screen is a hyperlinked link for “MANAGE ACTIVITY”. This text is bolderand is in all caps. It also draws the eye. What exactly is the point? Why is it that the user has to navigate through the new Google submenu hell in order to switch off tracking as this feature appears to suggest? You could simply toggle the switch that says “on” located at near the bottom of the screen…

Of course , everything created in this dark layer cake is pushing the user further away from any understanding of what’s happening with their personal data, in the hope that they quit and keep the default tracking turned off. This is a true masterclass in deceitful manipulative design.

A major Reboot?

Google’s announcement today regarding the ACCC sanction tries to suggest that all of the misleading information about location tracking has been done away with however, the company faces an ongoing investigation into similar practices within the European Union — open since February of 2020 — and may be held accountable for a larger fine if found to have violated the EU’s General Data Protection Regulation (as penalties could be to as high as 4 percent of annual global turnover).

Consumer watchdogs from the EU have filed complaints against Google’s misleading location tracking in November of 2018. This means that Google can continue to claim that it has moved on regardless of what happens.

A draft decision from Ireland’s DPA that is leading an investigation into the matter, will be anticipated this year, but the final decision may be delayed until 2023 as it needs to be examined by the bloc’s network of DPAs before a final agreement is reached on any possible enforcement.

However, there’s more to it to come — in the summer of this year, European consumer rights organizations filed a fresh set of lawsuits against Google and accused the company of misleading design in the account-creation process , which they claim leads users into committing to a sweeping and intrusive processing of their personal data.

The complaints show the number of clicks that are needed by Google to allow users to decide to not be tracked by Google instead of giving it the data keys… therefore plus it could changeright?

The slow pace of European privacy law enforcement suggests that Google could be in for a long period of in grace before any correctional orders arrive, making consumers vulnerable to privacy risks in the meantime.

But there’s some harder reform on the horizon: EU lawmakers recently agreed to include a ban on online platforms designing and deploying deceptive/manipulative and/or confusing interfaces in a forthcoming flagship update to the bloc’s digital rulebook.

The Digital Services Act (DSA) is designed to increase the accountability and responsibility of digital services, by directing management.

On dark patterns, the issue will depend on the specifics and meaning of DSA text and its interpretation however, there could remain space for platforms that are powerful to come up with ways to utilize predatory practices to deprive customers from their right to privacy and authority. The most important aspect that the DSA law has is that it includes a proactive role of the European Commission in enforcement (against bigger platforms — also known as VLOPs).

This will allow the executive of the EU to take over and issue guidelines regarding best practices in areas such as interface design. This is accompanied by a new capability to take on repeat offenders — when it is empowered to punish VLOPs with hefty fines if they do not follow the DSA’s rules which means that certain aspects of the EU’s consumer-oriented regulations could suddenly become more difficult to ignore. (The DSA will start applying starting next year.)

The penalties for violating the DSA can reach six percent of the world’s annual turnover. Therefore, the costs and risks of stealing personal data of people are surely growing. If it’s enough to cause tracking giants to some time to think and, if necessary to push for meaningful change to privacy-averse business models is yet to be determined.

Share your love

Leave a Reply

Your email address will not be published.