Google’s incognito location tracking scandal could be the first real test of GDPR

3 min read

When you ask Google to turn off locations, it actually tracks in incognito mode. This default setting opens up Google to a potentially huge fine as per Europe’s GDPR rules.

Google is secretly tracking your moves

When users turn off their location tracking, they expect Google to stop detecting where they are, but this is not the case. Google continues as a secret stalker without the consent of the user.

Recently, Associated Press News reported about Google continuing to collect a user’s location points, while users think they are safe from being tracked. According to AP news, location tracking by Google continues even if the user disabled it; and following are some of the resulting issues:

  • User settings governing location markers are in different places
  • Location tracking can be “Paused”, but not permanently disabled
  • Location tracking continues in Maps, Search and other Google applications regardless of the “Location History” setting.
  • Warnings provided to both iOS and Android users are misleading

How is Google’s location tracking violating EU’s new GDPR rules?

In the month of May, this year, Europe announced its much anticipated new privacy law known as the General Data Protection Regulation (GDPR). This law has been virtually impacting every technology worldwide.

As per the GDPR law, any company operating in the EU or any company that serves EU citizens should abide by its strict new privacy guidelines meant to protect consumers from companies abusing their personal data. Any company failing to comply with these rules faces financial penalties as high as 4 percent of their annual revenue. For Google, this penalty could mean billions of dollars in fine!

GDPR’s data minimisation principle states that data collection should be done for specified, explicit and legitimate purposes for which they are processed.

Serena Tierney, a partner at VWV law firm and a data protection and privacy specialist, said to The Register, “The legitimate purpose of the data collection must be clear. Is it only used for Google’s own internal machine learning algorithms, say, or is it part of a personal profile sold to advertisers?”

“It’s part of a wider public debate. Is this part of the social contract between society generally (including me) and search engines (including Google) that in return for getting free search, for example, we expect our personal data to be used for personal advertising, with no way for us to opt out?” Tierney continued.

Rafe Laguna, an open source infrastructure provider of Open-Xchange, says, “The Google location scandal could be the first real test of GDPR. The regulation states that user consent must be clear, distinguishable and written in plain language.”

Google updated its location policies: “Some location data may be saved”

Right after Google faced investigation by the AP regarding its location tracking practice, it made some quick updates to its location history feature. According to a report from Associated Press, Google, in this update made on 16th August, acknowledges that it still tracks users via its Google Maps, weather updates, and browser searches services.

As per Google’s help page for location history setting, “some location data may be saved as part of your activity on other services, like Search and Maps.” The Location History toggle won’t actually stop Google from tracking users. However, users can turn it off by disabling the “Web and App Activity” option (which is enabled by default). By disabling the option, Google won’t be able to store and track user’s Maps’ data and browser searches for location anymore.

To know more about this evolving story in detail, visit Associated Press News’ full coverage.

Read Next

Microsoft Cloud Services get GDPR Enhancements

Machine learning APIs for Google Cloud Platform

Build an IoT application with Google Cloud [Tutorial]

Savia Lobo
A Data science fanatic. Loves to be updated with the tech happenings around the globe. Loves singing and composing songs. Believes in putting the art in smart.

Share this post

Popular

12,000+ unsecured MongoDB databases deleted by Unistellar attackers

Over the last three weeks, more than 12,000 unsecured MongoDB databases have been deleted. The cyber-extortionist have left only an email contact, most likely...