Consumer Watchdog, Privacy Rights Clearinghouse File Complaint Over Google’s “Deceptive” Privacy Policy Change

Charge Internet Giant Violated “Buzz Consent Agreement” and FTC Act

SANTA MONICA, CA – Consumer Watchdog and Privacy Rights Clearinghouse have filed a complaint with the Federal Trade Commission charging that Google violated the law and an earlier consent agreement when it forced a change in its privacy policy on users in a highly deceptive manner, without meaningful notice and consent.

The Internet giant’s action, taken on June 28, is an unfair and deceptive practice, violating Section 5 of the Federal Trade Commission Act and also violates the terms of the “Buzz Consent Agreement” Google signed with the agency, the two California-based consumer advocacy organizations’ formal complaint said.

The so-called “Buzz Consent Agreement” was reached after Google released users’ personal information in violation of its own privacy policy when launching its ill-fated social network, Buzz, to compete with Facebook. Under the 2011 agreement Google said it would not misrepresent the privacy or confidentiality of individuals’ information. The Buzz Agreement also requires Google to get informed consent before sharing users’ information with third parties if Google changes the way data is shared contrary to the privacy promises made when the data was first collected. Google violated both obligations with its action in June, the complaint said.

Consumer Watchdog and Privacy Rights Clearing House asked the FTC to claw back all advertising revenue earned by Google since the date of the change, citing past privacy violations by the internet giant as evidence that lesser penalties would not be enough to make the company respect consumers’ privacy rights. For example, the FTC issued the largest fine in its history, $22.5 million, when Google intentionally hacked Apple’s privacy protections, however that fine clearly failed to deter the company’s latest privacy violation.

“Fines Google has faced so far are but pocket change for Google. The company’s executives consider it merely the cost of doing business as they willfully violate our privacy,” said John M. Simpson, Consumer Watchdog’s Privacy Project Director. “The FTC must take meaningful action to stop this serial abuser and force it to give up its ill-gotten gains.”

Read the Consumer Watchdog and Privacy Rights Clearinghouse complaint here: http://www.consumerwatchdog.org/resources/ftc_google_complaint_12-5-2016docx.pdf

“The change marked the culmination of a nearly decade-long deception that Google has perpetrated against its users, the FTC, and the public at large,” according to the complaint.

“This announcement intentionally misled users, who had no way to discern from the wording that Google was breaking from a nearly decade-old practice and asking them if it could link their personal information to data reflecting their behavior on as many as 80% of the Internet’s leading websites,” the complaint said. “A reasonable user would have been left with precisely the impression Google was seeking to leave: that the 2016 change was to their benefit and posed no risk to their privacy. In reality, the policy change marked the consummation of a deceptive path that Google had methodically charted since it first sought to acquire DoubleClick in 2007.”

“Google is a serial privacy violator,” said Simpson. “For the last decade they pretended to care about your privacy, but amassed ever growing amounts of data about you. Remember, you’re not their customer. You are Google’s product.”

For more than a decade Google has kept information gathered through “tracking cookies” separate from information gleaned from users’ accounts. Privacy advocates warned of the danger of combining the data gathered by DoubleClick, which tracked consumers as they surfed the web, with data gathered from Google’s accounts before Google bought DoubleClick. The Internet giant said it would keep the information separate and the deal went through.

That changed last June with the new privacy policy, but rather than being candid about what it was doing, the company mislead its users, Consumer Watchdog and Privacy Rights Clearinghouse said.

“Google took affirmative steps to conceal and downplay the significance of this transformational change that eliminated the barrier between the data that Google gathers from cookies that track users’ behavior and the personal information that Google holds from its users’ accounts,” the complaint charged. “Google induced users to accept the change to its privacy policy by cloaking it in an offer to enable ‘new features’ that purport to provide ‘more control’ over users’ personal information. Unsuspecting users accepted Google’s offer in droves.”

The complaint spells out Google’s deceptive action:

This change was reflected in a parallel amendment to Google’s Privacy Policy. Google struck out the language in the policy stating that it would “not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent.” Now, Google told its users that it “may combine information from one service with information, including personal information, from other Google services,” and that users’ “activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google.”

Users were not clearly informed of the significance of the changes—or “features” as Google would have it—nor were they clearly and unambiguously given a chance to reject them. Existing users who did not wish to accept the changes could not decline immediately, but instead were given the option to click “more options,” leading to a second notification. There, users could select “no changes,” which presumably meant that their personal data would not be combined with tracking data from third party sites and apps.

For new users, the combination of personal and browsing data was done by default. New users are notified that Google processes data from sources like Google Maps and from “apps or sites that use Google services like ads, Analytics, and the YouTube video player.” The notification later notes: “[w]e also combine data among our services and across your devices. . .

The organizations’ complaint warned that failure to act against Google would hurt consumers and could lead other companies to engage in wrongdoing. The complaint said:

“Google is a serial re-offender. It has repeatedly violated consumers’ privacy and, when sanctioned, ignored its commitments to the FTC. Failing to take action now would send the message that as far as Google’s encroachments are concerned, consumers are on their own. Indeed, if the FTC fails to take action against the largest and most significant misappropriation of personal information—which is personal property—in the Internet era, other companies will be left to conclude that they too can avoid accountability. The public, for its part, would be left to question the value of the FTC and the ability of the Commission to protect consumers. “

The complaint said Google’s action both violated Section 5 of the Federal Trade Commission Act and the so-called “Buzz Consent Agreement.” The complaint said Google engaged in a string of deceptive acts by:

• representing that it would not combine its users’ personally-identifiable information with DoubleClick’s browsing data.
• repeatedly assuring its users that it would be transparent in how it handled their data.
• acquiring massive troves of its users’ data under false pretenses.
• concealing the nature and extent of the change to its policies in order to obtain user consent.

Google violated the Buzz Consent Order by misrepresenting
• the extent to which it protects its users’ privacy and confidentiality.
• adheres to the U.S.-EU Safe Harbor Framework.

Google was found to be hacking around privacy settings on Apple’s Safari browser and setting tracking cookies in violation of the consent decree and was fined $22.5 million in 2012. In 2010 Google was caught using its Street View cars to suck up private data including emails, passwords and financial information, from private Wi-Fi networks. The FCC fined Google $25,000 for obstructing its investigation into the Wi-Spy scandal and the Internet giant paid $7 million to settle a complaint brought by 38 state attorneys general.

– 30 –

Visit Consumer Watchdog’s website at www.conumerwatchdog.org

Visit Privacy Rights Clearinghouse site at: www.privacyrights.org

Published by John M. Simpson

John M. Simpson is a leading voice on technological privacy and stem cell research issues. His investigations this year of Google’s online privacy practices and book publishing agreements triggered intense media scrutiny and federal interest in the online giant’s business practices. His critique of patents on human embryonic stem cells has been key to expanding the ability of American scientists to conduct stem cell research. He has ensured that California’s taxpayer-funded stem cell research will lead to broadly accessible and affordable medicine and not just government-subsidized profiteering. Prior to joining Consumer Watchdog in 2005, he was executive editor of Tribune Media Services International, a syndication company. Before that, he was deputy editor of USA Today and editor of its international edition. Simpson taught journalism a Dublin City University in Ireland, and consulted for The Irish Times and The Gleaner in Jamaica. He served as president of the World Editors Forum. He holds a B.A. in philosophy from Harpur College of SUNY Binghamton and was a Gannett Fellow at the Center for Asian and Pacific Studies at the University of Hawaii. He has an M.A. in Communication Management from USC’s Annenberg School for Communication.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.