Sunday, December 3, 2023

Google to Pay $391M Fine for Android User Location Tracking Practices

To settle a privacy lawsuit brought by a group of attorneys general from 40 different U.S. states, Google has agreed to pay $391.5 million.

Reports say U.S. Michigan will earn close to $12 million from the settlement, which is the biggest multistate Attorney General Privacy settlement in American history.

Michigan Attorney General Dana Nessel said, “Google makes the majority of its revenue from using the personal data of those who search in its browsers and use its app.”

“The company’s online reach enables it to target consumers without the consumer’s knowledge or permission. However, the transparency requirements of this settlement will ensure that Google not only makes users aware of how their location data is being used but also how to change their account settings if they wish to disable location-related account settings, delete the data collected, and set data retention limits”.

A crucial component of Google’s digital advertising business is location data. Google creates thorough user profiles and targets ads on behalf of its advertising clients using the personal and behavioral data it collects. 

One of the most delicate and important pieces of personal information that Google gathers is location data. Even a small bit of location information can be used to infer personal information and reveal a person’s identity and routines.

Location History and Web & App Activity

According to a 2018 Associated Press article that claimed Google “tracks your movements even when you explicitly tell it not to,” the attorneys general launched their investigation into Google.

Particularly, the report says ‘Location History’ and ‘Web & App Activity’ were the two Google account options that were highlighted in the article. While Web & App Activity, a different account setting, is automatic “on” when users set up a Google account, including all Android phone users, Location History is “off” unless a user turns it on.

Settlement’s Specifics

The attorneys general found that Google violated state consumer protection laws by misleading consumers about its location-tracking practices since at least 2014.

In particular, Google made users uncertain about the Location History setting, the existence of the Web & App Activity setting, which also collected location data, and the extent to which users of Google’s services could limit location tracking by modifying their account and device settings.

In accordance with the settlement, Google must disclose more of its business operations to customers. Google should:

  • Show additional information to users whenever they turn a location-related account setting “on” or “off”;
  • Make key information about location tracking unavoidable for users (i.e., not hidden); and
  • Give users detailed information about the types of location data Google collects and how it’s used at an enhanced “Location Technologies” webpage.

Hence, the settlement also places restrictions on Google’s usage and storage of specific categories of location data and mandates that Google account controls be easier to use.

Reports state that the National Commission on Informatics and Liberty (CNIL) of France also penalized Google $170 million in January 2022 for violating internet users’ rights to free consent by making it challenging to decline website monitoring cookies and hiding the option behind several clicks.

The Australian Competition and Consumer Commission (ACCC) stated in August that it had fined Google $60 million for deceiving Australian Android customers and gathering their location data for nearly two years.

Managed DDoS Attack Protection for Applications – Download Free Guide


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles