The ACCC is suing Google for misleading millions. But calling it out is easier than fixing it

Katharine Kemp, Senior Lecturer, Faculty of Law, UNSW, and Academic Lead, UNSW Grand Challenge on Trust, UNSW

Australia’s consumer watchdog is suing Google for allegedly misleading millions of people after it started tracking them on non-Google apps and websites in 2016.

The Australian Competition and Consumer Commission (ACCC) says Google’s pop-up notification about this move didn’t let users make an informed choice about the increased tracking of their activities.

Google uses some of this data in its targeted advertising business. It can also collect sensitive information about us from third-party websites and apps which it may use in its non-advertising businesses.

The ACCC isn’t the first to claim Google hasn’t been straight about how it uses our data, nor is this the first time it has sued Google.

But even if Google gave us the whole story, what can we actually do about growing surveillance?

Google tracks your activities beyond Google

While it would take a separate article to list all the ways Google tracks your activities online and offline, the ACCC is concerned about two of the company’s data practices in particular.

First, Google has been collecting data about what you do on websites that may not seem related to Google at all. This is combined with other data collected by Google’s own services including YouTube, Gmail, Google Maps and Chrome.

The reason Google can do this is that third-party websites and apps also use Google’s services, such as ad serving or Google Analytics.

Their agreements with Google allow it to embed its technology into the websites and apps and send your activity information back to Google, without alerting you.

Second, the ACCC is concerned Google has combined its own extensive Google account holder datasets with personal data collected by ad tech company DoubleClick, which Google acquired in 2007. This is despite Google initially claiming it wouldn’t do this without users opting in.

The data Google collects, and how it’s used

Google’s technologies are embedded in millions of third-party websites (and likely many of the ones you use).

So it’s well placed to collect data about your online activities, including research you might do on intimate topics such as depression, miscarriage, abortion, diabetes, weight loss, heart disease, divorce, erectile dysfunction and so on.

Google can then combine this data with the information it already has about you from its own services, such as where you live, what you buy, where you go and who you associate with.

Google says it doesn’t use users’ health data or other “sensitive” data for its targeted advertising business. But it does not promise it won’t collect such sensitive data, keep it, combine it with data about our other activities or use it for non-advertising business purposes.

For example, Google has made moves to enter various health services markets. And there’s speculation it may start supplying health products and life insurance in future.

Further, unless you have changed the “ad personalisation” settings in your Google account, Google can use data from third-party sites which it does not classify as “sensitive” to target you with ads. This data could include whether you’re searching for baby clothes, travel insurance, retirement living, or a house in a specific suburb.

But even if you have opted out of personalised ads, Google’s privacy policy doesn’t say it will stop collecting and retaining the data itself.

What was misleading?

The ACCC claims Google’s 2016 notification about its increased tracking was misleading. The notice led with the benign headline, “Some new features for your Google Account”, followed by:

We’ve introduced some optional features for your account, giving you more control over the data Google collects and how it’s used, while allowing Google to show you more relevant ads.

The statements further down in the notification were arguably unclear about what Google actually planned to change. The ACCC says the notification was misleading because:

Consumers could not have properly understood the changes Google was making nor how their data would be used and so did not – and could not – give informed consent.

It claims Google also misled consumers by stating in its privacy policy that it would not reduce users’ rights under the policy without their explicit consent, but then did exactly that.

Privacy concerns warrant legal backing

In this case, the ACCC’s issue is that Google didn’t give consumers the real story about its plan to vastly increase personal data collection and use this information for commercial purposes. The ACCC’s action against Google should be a warning to all companies that currently fudge their privacy terms.

But what if Google had been transparent and the pop-up box instead said: “we are going to start collecting your personal data whenever you use third-party websites or apps that use Google technologies”?

Given the millions of websites using Google technologies, is it even possible for consumers to avoid this?

In Germany, the Federal Cartel Office last year found Facebook had abused its dominance by insisting on collecting users’ personal data via embedded technologies on non-Facebook websites and apps.

It argued Facebook’s market power gave it the ability to impose these practices on users, even against their wishes.

Australia does not have an “abuse of dominance law” to address single-firm exploitative conduct, such as raising prices or imposing intrusive privacy terms. Facebook currently collects data about Facebook users – and even non-users – from third-party websites and apps in Australia, without alerting us.

The ACCC may succeed in proving misleading conduct by Google. And it might obtain a substantial fine against Google – potentially up to 10% of Google’s turnover in Australia.

But to stop tech giants from doing whatever they like with our data, we’ll need to consider a broader law against unfair practices.

The Conversation

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Author

  • Dr Katharine Kemp is a Senior Lecturer at the Faculty of Law, UNSW Sydney, and Academic Lead of the UNSW Grand Challenge on Trust. Katharine’s research focuses on competition law (particularly misuse of market power), consumer protection and data privacy regulation. She has published widely in these fields, including "Misuse of Market Power: Reform and Rationale" (Cambridge University Press, 2018), "Competition Law of South Africa" (LexisNexis) with PJ Sutherland, and numerous peer-reviewed journal articles. Katharine is the Co-Leader of the "Data as a Source of Market Power" research stream for The Allens Hub for Technology, Law and Innovation, with Dr Rob Nicholls of the UNSW Business School. She is also the convenor of the new postgraduate course, "Financial Law and Regulation in the Age of Fintech" (LAWS8174), and lectures Contracts at UNSW Law. Before joining the faculty, Katharine was a Research Fellow on the UNSW Digital Financial Services Research Team, conducting in-depth research into the regulation of digital financial services in developing countries in particular, including through fieldwork in these countries. She has also practised as a commercial lawyer in major law firms, as a barrister in Melbourne, and consulted to the Competition Commission of South Africa during the six years that she lived and worked in South Africa. She is a Member of the Centre for Law and Market Regulation, a Member of the Australian Privacy Foundation and a Member of the Advisory Board of the Future of Finance Initiative in India.

    View all posts