Google to Pay $391M Fine for Android User Location Tracking Practices

To settle a privacy lawsuit brought by a group of attorneys general from 40 different U.S. states, Google has agreed to pay $391.5 million.

Reports say U.S. Michigan will earn close to $12 million from the settlement, which is the biggest multistate Attorney General Privacy settlement in American history.

Michigan Attorney General Dana Nessel said, “Google makes the majority of its revenue from using the personal data of those who search in its browsers and use its app.”

“The company’s online reach enables it to target consumers without the consumer’s knowledge or permission. However, the transparency requirements of this settlement will ensure that Google not only makes users aware of how their location data is being used but also how to change their account settings if they wish to disable location-related account settings, delete the data collected, and set data retention limits”.

A crucial component of Google’s digital advertising business is location data. Google creates thorough user profiles and targets ads on behalf of its advertising clients using the personal and behavioral data it collects. 

One of the most delicate and important pieces of personal information that Google gathers is location data. Even a small bit of location information can be used to infer personal information and reveal a person’s identity and routines.

Location History and Web & App Activity

According to a 2018 Associated Press article that claimed Google “tracks your movements even when you explicitly tell it not to,” the attorneys general launched their investigation into Google.

Particularly, the report says ‘Location History’ and ‘Web & App Activity’ were the two Google account options that were highlighted in the article. While Web & App Activity, a different account setting, is automatic “on” when users set up a Google account, including all Android phone users, Location History is “off” unless a user turns it on.

Settlement’s Specifics

The attorneys general found that Google violated state consumer protection laws by misleading consumers about its location-tracking practices since at least 2014.

In particular, Google made users uncertain about the Location History setting, the existence of the Web & App Activity setting, which also collected location data, and the extent to which users of Google’s services could limit location tracking by modifying their account and device settings.

In accordance with the settlement, Google must disclose more of its business operations to customers. Google should:

• Show additional information to users whenever they turn a location-related account setting “on” or “off”;
• Make key information about location tracking unavoidable for users (i.e., not hidden); and
• Give users detailed information about the types of location data Google collects and how it’s used at an enhanced “Location Technologies” webpage.

Hence, the settlement also places restrictions on Google’s usage and storage of specific categories of location data and mandates that Google account controls be easier to use.

Reports state that the National Commission on Informatics and Liberty (CNIL) of France also penalized Google $170 million in January 2022 for violating internet users’ rights to free consent by making it challenging to decline website monitoring cookies and hiding the option behind several clicks.

The Australian Competition and Consumer Commission (ACCC) stated in August that it had fined Google $60 million for deceiving Australian Android customers and gathering their location data for nearly two years.

Managed DDoS Attack Protection for Applications – Download Free Guide