Two consumer groups have filed a complaint with the Federal Trade Commission alleging that Google broke the law by deceptively forcing a privacy-policy change onto users that allows the firm to build much more comprehensive files on individuals.
Consumer Watchdog, a prominent Google adversary on self-driving cars, joined Privacy Rights Clearinghouse in filing the FTC complaint on Monday.
The groups claim that Google’s privacy-policy change in June capped “a nearly decade-long deception that Google has perpetrated against its users, the FTC, and the public.”
A Google spokeswoman said the firm in June updated its ads system and user controls “to match the way people use Google today: across many different devices.”
“Before we launched this update, we tested it around the world with the goal of understanding how to provide users with clear choice and transparency,” the spokeswoman said. “As a result, it is 100 percent optional — if users do not opt in to these changes, their Google experience will remain unchanged.
“We provided prominent user notifications about this change in easy-to-understand language as well as simple tools that let users control or delete their data. Users can access all of their account controls by visiting My Account.”
The complaint to the FTC opens with reference to Google’s 2007 purchase of advertising-service firm DoubleClick, during which it “overcame significant privacy concerns by pledging to Congress, the Federal Trade Commission (FTC), and the public at large not to combine its users’ personally-identifiable information with DoubleClick’s vast browsing data.”
“Unsuspecting users accepted Google’s offer in droves,” the complaint said. “Google has now created the ‘super-profiles’ that privacy advocates warned against when Google acquired DoubleClick.”
“Google has given itself the power to track users across the overwhelming majority of websites in use in the world today, many of which appear to users to be entirely unconnected from Google,” the complaint said.
The two groups claim Google broke the FTC Act through “unfair or deceptive acts or practices” such as saying it wouldn’t combine personally identifiable information with DoubleClick’s browsing data and then doing so; repeatedly telling users it would be transparent about how it handled their data when it has instead been deceptive; reaping “massive troves” of user data under “false pretenses” and hiding the nature and extent of the policy changes in order to get users to consent to them.
“Each of these representations was intended to induce Google’s users to grant Google more and more access to their lives and their data,” the complaint said.
To be sure, the complaint acknowledged that Google has told users it might combine information from one service with personal information from other Google services and that users’ activity on other sites and apps may be associated with their personal information “in order to improve Google’s services and the ads delivered by Google.”
But, the groups argued, users “were not clearly informed of the significance of the changes — or ‘features’ as Google would have it — nor were they clearly and unambiguously given a chance to reject them.”
Existing users who didn’t want to accept the changes couldn’t reject them right away, but were instead given a “more options” button to click, which led to a another page where users could select “no changes,” the complaint alleged.
However, for new users, “the combination of personal and browsing data was done by default,” the complaint said, though it noted that Google does tell new users that it combines data among its services and across users’ devices.
“Anecdotally, many users who have activated the new features have no recollection of having done so, a testament to how deceptive the notice was,” the complaint said.
Users can also delete personal information, for what that’s worth. Google says it has to protect against accidental or malicious data removal, so “after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.”
Also, the groups noted, that in 2010 Google was caught using Street View cars to gather private data from private wi-fi networks, and was fined $25 million for that by the FTC in 2012.
“Fines Google has faced so far are but pocket change for Google. The company’s executives consider it merely the cost of doing business as they willfully violate our privacy,” said John Simpson, privacy project director at Consumer Watchdog. “The FTC must take meaningful action to stop this serial abuser and force it to give up its ill-gotten gains.”