OK Google...Are you illegally sharing my location data?

The ACCC is navigating uncharted territory, as it cracks down on Google’s use of location information.

Every day we forfeit our personal data to access digital services, be it free Wi-Fi, a virtual map or simply reading an article online. The more tech savvy among us would advise to simply amp up the privacy settings on your device to avoid the prying eyes of tech companies.  But sometimes, even this is not enough!

The Australian Competition and Consumer Commission (ACCC) is tackling this issue, as it takes action against Google for depriving consumers of the option of keeping their location data private.

Did Google mislead consumers?

The ACCC asserts that Google has breached the Competition and Consumer Act 2010 (Cth) by preventing users from being able to make informed choices about how much personal information they provide to the company.

It alleges that Google did not adequately explain to consumers that they would have to switch off two settings to prevent Google from accessing their location information. The first setting was intuitively called ‘Location History’, whereas a necessary second step was hidden away under the less obvious label, ‘Web & App Activity’. The majority of users were unaware of this second step, as it did not explicitly state that it pertained to location information.

The ACCC alleges that had Google been clearer in relation to these settings, users may have taken steps to stop the company from obtaining and using their information without their knowledge. Understandably, many consumers are uncomfortable with Google having access to data which enables them to extrapolate a wealth of information about their lives, preferences and daily routines, and which is vulnerable to further disclosure and potential misuse.

If the ACCC is successful, Google could face up to A$10 million in fines. As the company made US$116 billion last year in advertising alone, the fine may serve as less than a gentle slap on the wrist. Nonetheless, the proceedings may shed light on Google’s conduct and on how consumers can go about protecting privacy on digital platforms.

What does this mean for digital privacy?

This practice of companies obfuscating their privacy practices is commonplace and is known as ‘concealed data practices’. Deceived by Design, a report published by the Norwegian Consumer Council, stated that Google, Facebook and Microsoft Windows employ numerous tactics in order to encourage consumers toward sharing as much information as possible. The report found that privacy policies, through simple interface designs, can trick users into doing things that they might not want to do.

If the ACCC are successful, it may pave the way for more accountable and transparent data management practices to facilitate a higher level of consumer protection.

The ACCC has also taken this opportunity to re-emphasise its recommendations from the Digital Platforms Inquiry it conducted earlier this year. This case highlights the need to strengthen privacy laws, including an expanded definition of ‘personal information’ that includes location data and other technological identifiers, as well as stronger disclosure and consent obligations on companies to enable consumers to make informed and meaningful choices about their personal data.

But let’s not be naïve here—many have signed our privacy away voluntarily through loyalty points and schemes, at least to some degree. We could all afford to be more vigilant.

If you have concerns about your personal information security, or about your organisation’s compliance with its privacy obligations, please get in touch with our Business team.

Written by Lauren Babic with the assistance of Claudia Weatherall.