Roughly a month ago AP reported that Google continues to collect location data when ‘Location History’ is turned off. The company acknowledged this and subsequently updated its help pages to clarify for users.
Google uses location data for a number of purposes, including personalization, ad targeting and attribution.
The initial AP report apparently sparked an investigation by the Arizona attorney general’s (AG) office into location and privacy. An Arizona AG spokesperson told the Washington Post that the state had been considering investigating tech companies and consumer privacy prior to the appearance of the report. It’s not clear whether Facebook or other companies beyond Google are targeted.
Arizona law also provides a private right of action for instances of “consumer deception” and fines of up to $10,000 per incident. That penalty scheme could expose Google to significant potential liability.
Google also faces a number of other investigations and potential investigations on privacy and antitrust at both the federal and state levels. Indeed, another recently announced state investigation in New Mexico accuses an Android game developer and digital ad companies, including Google and Twitter, of improperly capturing and sharing kids’ location data in violation of COPA. (Facebook is also the subject of multiple inquiries, though not on antitrust.)
Some of these investigations are being prompted by Google and Facebook critics or privacy advocates such as the Electronic Privacy Information Center, while some appear to be politically motivated. One example of the latter is the Justice Department’s forthcoming inquiry into whether social media companies are “censoring” conservatives.
Right now big tech companies have plenty of critics on the left (for Russian election meddling and “fake news”) and on the right (for alleged suppression of politically conservative speech).
Personal data collection and privacy have emerged in the past year as major hot-button issues, in the wake of Europe’s General Data Protection Regulation (GDPR) and other events like Cambridge Analytica. Location is a key piece of personal data in both Europe and the US and at the center of the privacy discussion.
Companies that work in the world of location intelligence have often not done a good job, including Google, of educating consumers (or the media) about how these processes work and how privacy is maintained. And because there’s limited transparency around data management and identity resolution, there’s often a “deception” narrative that accompanies coverage of location data collection.
In response to a GDPR-inspired grassroots ballot initiative, the California legislature passed the California Consumer Privacy Act (CCPA), which regulates collection and use of consumer data. It gives people the right to prevent businesses from selling or disclosing their personal information to third parties. It also allows them to sue for violations. The law is set to take effect in 2020.
In response to CCPA, tech companies have sought federal legislation to head off the new law and a potential patchwork of state privacy regulations, and to have some say in any new data-collection rules that will govern them. The US Chamber of Commerce has also called on Congress to preempt the CCPA. Federal law can preempt state efforts to regulate commerce under the Commerce Clause of Article I of the US Constitution.
There is also an early effort on privacy legislation happening through the US Commerce Department. However, the outlook for federal privacy and data security legislation is uncertain.
Comments