Today, 7 member groups of the European Consumer Organization (BEUC) asked each of their national Data Protection Authorities (DPAs) to investigate Google Android's pervasive smartphone locational data collection practices following an investigative report "Every Step You Take" by the Norwegian Consumer Council (Forbrukerrådet) finding that Google may be in violation of the new European GDPR privacy law. All the groups are members of the U.S. PIRG-backed TransAtlantic Consumer Dialogue, which itself followed up with a letter calling for an investigation by the U.S. Federal Trade Commission. Meanwhile, as the Senate prepared for an afternoon FTC oversight hearing today where Facebook data sharing practices and its breach will certainly be focused on, we joined leading groups in a separate letter to complain to the FTC about its biased staff report that adopts unsubstantiated industry claims in defense of a wrongheaded FTC call to the Trump administration to grant consumers weak baseline privacy choices.
Excerpt from the news release from the Norwegian Consumer Council, which also includes a video. The graphic, from the report, shows how Google's detailed 10-pings/minute Android smartphone tracking of consumers works.
"Google is processing incredibly detailed and extensive personal data without proper legal grounds, and the data has been acquired through manipulation techniques," says Gro Mette Moen, acting head of unit, digital services in the Norwegian Consumer Council. "When we carry our phones, Google is recording where we go, down to which floor we are on and how we are moving. This can be combined with other information about us, such as what we search for, and what websites we visit. Such information can in turn be used for things such as targeted advertising meant to affect us when we are receptive or vulnerable."
Excerpt from the U.S. PIRG-backed TACD.org letter to the FTC supporting the actions by TACD's European members:
On behalf of members of the Transatlantic Consumer Dialogue (TACD), we are writing to urge you to investigate deceptive and misleading practices by Google. A new report published today by the Norwegian Consumer Council (NCC) shows how Google manipulates and nudges users of mobile phones with the Android operating system, such as Samsung phones, into being constantly location-tracked through the Location History and Web & App Activity settings, which are applied into all Google accounts. This research, entitled “Every Step You Take,” is a follow-up of the report “Deceived by Design”, which was brought to your attention last June by nine of our members, leading consumer and privacy organizations in the United States.
Excerpt from the U.S. PIRG and other leading U.S. groups' letter to the FTC concerning its biased staff report, which was filed as an official comment to the administration from the FTC, an independent agency:
We, the undersigned consumer, privacy and civil liberties organizations, write to express our disappointment about the comments that the Federal Trade Commission (FTC) staff recently submitted to the National Telecommunications and Information Administration’s request for comments on “Developing the Administration’s Approach to Consumer Privacy.”We appreciate the work that the FTC has done over the years to protect consumers privacy, within the limitations that it describes in its comments. However, we remain frustrated by the agency’s failure to act promptly on timely and important privacy-related complaints before the agency as well as by the lack of adequate enforcement actions for cases resolved in recent years.
What is most troubling to us in these comments, however, is the FTC’s apparent position, citing a study by the advertising industry, that a policy approach in which consumers were opted out of online advertising by default would not be appropriate because “the likely result would include the loss of advertising-funded online content.” The study fails to cite any empirical data suggesting that without targeted advertising, free online content will decrease. We would have hoped that the FTC would take a broader look at the evidence, rather than relying on a self-serving study by one stakeholder."
U.S. PIRG also filed comments in response to that Request for Comment (RFC) titled "New Approaches to Consumer Data Privacy of the Department of Commerce's National Telecommunications and Information Administration (NTIA). We expressed disappointment in the NTIA's overview, which demonstrated a predetermined bias toward preemption of stronger state consumer laws and used pejorative terms such as "patchwork" to denigrate state privacy and data protection leadership.
In a recent blog, I explained how 2019 is a crucial year for privacy protection. Industry lobbyists, lawyers and PR flacks have already launched campaigns to normalize their invasive data collection practices, as evidenced by the FTC staff's wholesale adoption of their specious pro-industry claims. Will Congress allow states, including California, Illinois and others to continue to lead on privacy and data collection protections for U.S. citizens or will it kow-tow to the demands of powerful special interests including digital platforms such as Facebook, Amazon and Google and ISPs including Comcast and Verizon along with the massive and manipulative digital ad industry and data collection ecosytem they've spawned? Will Congress grant U.S. consumers rights similar to those provided by the European General Data Protection Regulation (GDPR) or will it allow us to continue to be industry's product for sale or sharing, not their customers? For more on GDPR, see a recent 60 Minutes episode "GDPR: The Law That Lets Europeans Take Back Their Data From Big Tech Companies." It features our colleague Jeff Chester of the Center for Digital Democracy.
Also, last week, we released our 33rd annual PIRG Trouble In Toyland report. For the second year in a row, we included potentially-privacy invasive toys found in the Internet of Things.