Login     Sign Up     |      Home      Regions      Verify a Certification     EBA Portal    

Privacy Concerns Grow as Google Tracks Shoppers Offline

In July 2017, the Federal Trade Commission is being asked to look into the new advertising program launched by Google by an important privacy rights watchdog. The program they want investigated is a program capable of attaching the online behavior of a client to their purchases in brick and mortar stores.
The Electronic Privacy Information Center filed its legal complaint with the FTC on the basis that Google has gained access to extremely sensitive information of users. Information like debit or credit card records and have refuse to offer clients an effective way to opt out. They say Google won’t even reveal how they manage to get that information. However, the group stated that a secretive technical method of data protection is used by Google, claiming this method ought to be audited by another party and is like almost everything else, susceptible to hacking or other forms of violation.
The organization’s executive director, Marc Rotenberg stated that Google is gradually taking its internet and online dominance into the offline/real world and it must be checked by the FTC. “Common” is what Google calls its advertising approach, however, stated that they have put in resources to create a new custom encryption technology capable of keeping data secure, private and anonymous.
Google stated that for them to achieve this, they have successfully obtained access to the debit and credit information of over 70% of United States users. It also stated that it developed a formula which helped it make the information random and anonymous, thus encrypting transactions and making an automatic match of transactions to millions of Google and Google owned service users in the US. The idea is so Google will not be able to gain access of debit or credit card data of specific individuals.
However, this mathematical formula used in data protection wasn’t revealed. Google said they have put in resources and efforts to ensure that every data received by them is anonymous and completely private.
The privacy company is of the opinion that Google should not be allowed to check themselves; that the government should not take their word for it and conduct a review on its own. The company went on to state in its complaint that the mathematical technique used in the Store Sales Measurement is CryptDB and is an already known technique. The technique has reportedly been flawed in the past. There are reports of healthcare database which were protected by CryptDB that were hacked in 2015 enabling the hackers gain access to over 50% of the stored data.
The privacy company also stated that Google has refused to answer questions pertaining to whether or not the users gave consent to Google before their debit and credit card details were obtained. Google has also refused to mention the companies offering it these data. The company stated that the unnamed partners ought to have the right to use the data as well.
The privacy company also stated that consumers need to know how Google gets their card details so they know the cards to use, and where not to use their cards if they o not want their information tracked. They went ahead to state that other personal information including a person’s intimate life, religious beliefs and medical conditions can be obtained through their purchases made online.
The Post was told by Google that they don’t have access to the personal information on the cards and that no other party has access to individual information of its users, not even their partners.
Aggregate information are given to advertisers, for instance, they are provided with total number of clicks an percentage which converted to sales; for instance, if 10,000 people clicked a page and only 12% made purchases, the information would be made available to advertisers. Google also stated that users have the opportunity to opt out at anytime. All they have to do is click on the “My Activity Page”, click “Activity Controls” and uncheck the “Web and Web Activity”.
The privacy group also stated that users don’t fully understand what it is they are opting out of. They say even when App and Web activity is switched off, the company continues to store server and click data. They also stated that to properly opt out, users will have to go to a number of third party sites that can help them with the labyrinthine process. Moreover, if a user wants to opt out of location tracking, they have to use a separate button interface yet, none of these opt out descriptions describes the debit and credit card data specifically.
Millions of dollars were paid to the FTC by Google in fines between 2011 and 2012. In 2011, they responded to a case filed by the Electronic Privacy information center and had to settle with the FTC because it was discovered that they employed deceptive tactics and violated its own privacy promises when it launched its social networking platform known as Google Buzz. Google was also charged in 2012 with misrepresenting its privacy promises to users of Apple’s Safari Browser who believed they couldn’t opt out of ad tracking. This case cost Google $22.5 million.