European, U.S. Groups Plan Salvo of Privacy Complaints Against Google
Consumer groups from several European countries on Thursday plan to file formal complaints to regulators alleging that Google violates privacy rules and doesn’t inform users of how their data from across the company’s services is used to target advertisements.
Google makes it simple for users to click one button to share their data when signing up to a service; opting out, however, requires several additional clicks, the complaints say. The
unit also isn’t transparent about how it uses personal data, the groups claim.
The complaints invoke the legal requirement that companies operating in the European Union design products with simple privacy protections. In January, France’s privacy regulator fined Google $169 million and Meta Platforms Inc.’s Facebook $67 million for a related violation, arguing that the companies made it too difficult for users to reject cookies, the identifiers that track their data.
Google uses similar practices across its products, including YouTube, Google Maps, the Android operating system, Gmail and Google Play store, and doesn’t inform consumers if their data will be used to create personalized advertisements, the groups say.
“They can combine all that data to get a very detailed profile and be able to personalize all kinds of content, including targeting advertising,” said
David Martin Ruiz,
senior legal officer at the European Consumer Organization, a Brussels-based group that coordinated the upcoming efforts on Google’s data-collection.
On Thursday, groups from Norway, Slovenia, the Czech Republic, Greece and France plan to file identical complaints with regulators. In Germany, an advocacy group is writing Google to warn that it might file suit against it, while groups in Denmark, the Netherlands and Sweden, are writing their national authorities to share details on Google’s practices. Privacy rules across Europe vary by country, with some authorities required to investigate every formal complaint they receive.
A Google spokesman said in an emailed statement, “People should be able to understand how data is generated from their use of internet services. If they don’t like it, they should be able to do something about it.”
When users create a Google account, the company presents different options that are designed to be easy to understand, he said. “We are committed to ensuring these choices are clear and simple,” the spokesman said.
The complainants, however, say the options aren’t straightforward. By making it difficult for consumers to refuse to share their data, Google violates the so-called privacy-by-design requirements under the European Union’s 2018 General Data Protection Regulation, they argue.
“Privacy by design is what we need, not only in the Google case, but on the whole with electric cars, other electronic devices, other user interfaces.”
“Privacy by design is what we need, not only in the Google case, but on the whole with electric cars, other electronic devices, other user interfaces,” said
head of testing at the Slovene Consumers’ Association. Regulators should require Google to create a simple way for users to refuse to share data on its different platforms, he said.
A coalition of American tech and consumer groups is also planning to send a letter to the Federal Trade Commission on Thursday, outlining similar complaints on Google’s unclear language and the time-consuming steps needed to opt out of data-sharing. The practices likely violate the FTC Act, a law that empowers the agency to prevent deceptive practices that harm consumers, said
digital co-chair for the U.S. at the Transatlantic Consumer Dialogue, a coalition of advocacy groups.
“We think this absolutely constitutes a manipulative design pattern and is unfair to consumers,” Ms. Schroeder said.
Last year, the FTC said it would increase investigations of ways that companies use deceptive tactics to attract subscribers to their services, then make it hard for them to cancel.
The Transatlantic Consumer Dialogue is pushing U.S. regulators to curtail certain practices by Big Tech providers, Ms. Schroeder said. European law bans companies from withholding a service if consumers refuse to provide personal data; in the U.S., there is no such provision, she said.
The complaints from the European consumer groups will first be sent to the national regulator in their home country, and then forwarded to Ireland. Under the GDPR, the Irish regulator is responsible for overseeing Google’s activities in the EU because the company’s European headquarters are there.
Consumer advocates, however, say that the Irish regulator is slow. In Europe, regulators in the country where a complaint originated can step in to ask questions or raise disagreements. That was a factor in the Irish regulator’s $270 million fine of WhatsApp last September, a complaint first filed in 2018.
Mr. Martin Ruiz’s group, the European Consumer Organization, coordinated similar complaints on Google’s location-tracking in 2018, shortly after the EU privacy law took effect. The Irish regulator still hasn’t issued a decision.
“We hope the bottleneck is resolved,” Mr. Martin Ruiz said.
Google faces opposition to its location-tracking elsewhere. Besides the complaints in Europe, authorities in Australia claimed in 2019 that Google similarly misled consumers there. In January, three U.S. states and the District of Columbia filed lawsuits also alleging that Google recorded the locations of users who had opted out.
Write to Catherine Stupp at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8