17 Aug

An Associated Press report has accused Google of recording the locations of its users via their mobile devices, even when they have requested not to be tracked by turning their “Location History” off.

Discovered

The apparent tracking without permission was discovered as part of research, when a Princeton privacy researcher noticed in his account that Google has tracked his many different locations along a route after he had been travelling for several days, despite his Location History being turned off.

Also, research has revealed that, even when Location History is paused / switched off, some Google apps store time-stamped location data without specifically asking your permission. For example, Google stores data about where you are when you simply open the Maps app, automatic daily weather updates on Android can discover roughly where you are, and some searches apparently unrelated to your location can also pinpoint your exact latitude and longitude, and save it to your Google account.

Could Affect Billions

It is thought that this could affect around two billion Android and Apple devices which use Google for maps or search.

What Is “Location History” and Why Have It Anyway?

According to Google, Location History is one of several ways to improve the experience of users, and works for features such as Google Maps e.g. if you agree to let Google Maps record your location over time, it will display that history for you in a “timeline” that maps out your daily movements.

Google says that Location History helps you to find the places you’ve been and the routes you’ve travelled. Google states that, when you choose to enable Location History, it records your location data and places in your Google Account, even when you’re not using Google Maps.

What’s The Problem?

The problem is that Google also states that “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

Also, researchers have discovered that two things (rather than one) need to be opted-out in order to prevent tracking. Users need to disable both “Location History” and “Web & App Activity” in order to opt-out. Some commentators feel that this has not been made clear by Google.

The Issues

The issues with this are that:

– In the UK, for example, this may constitute a lack of transparency, openness and fairness under GDPR about what users are being told is happening to their data and what is actually happening.

– Users appear to have chosen to opt-out of something / not give their consent to something that relates to their privacy and the security of their personal data, and yet have not been opted-out completely by the company (possible issues of GDPR compliance).

– Some commentators have described it as ‘sneaky’ and it could certainly be an issue that affects the trust of users.

– Location data of this kind has been used by police (in the US) to track suspects, and could also potentially be used by other players e.g. cyber criminals if they had access to the user’s account. This could put users at risk.

– Location data can also be used to target people with location-based advertising. This may be something that users would like to avoid.

What Can You Do To Avoid Being Tracked In This Way?

The Associated Press has produced a guide which details what actions you can take to avoid being tracked by Google, even if your Location History on your mobile device is paused / turned off: The guide can be found here: https://www.apnews.com/b031ee35d4534f548e43b7575f4ab494/How-to-find-and-delete-where-Google-knows-you’ve-been

What Does This Mean For Your Business?

This story should be a reminder, particularly since the introduction of GDPR, that people value their privacy and security, and that businesses now have a strong legal responsibility to take this seriously. Transparency, fairness, and openness are vital when telling your customers what you’re doing /what you plan to do with their data. The issue of consent i.e. your customers choosing to withdraw consent and your business complying fully with those requests should be now be treated very seriously, and there must be consistency with what your company says it is going to do and what actually happens.

Sadly, it appears that all too often, large organisations / companies don’t appear to be handling our data in a way that we would like or have requested. For example, Facebook’s sharing of the personal data of 87 million users with Cambridge Analytica caused widespread outrage, and recently the ‘Deceived By Design’ report by the Norwegian government-funded Consumer Council has accused tech giants Microsoft, Facebook and Google of being unethical by leading users into selecting settings that do not benefit their privacy.

It may be that we have to wait a little longer and see a few more big tech companies being properly held to account before things start to really change for the better for users.