Google’s new program to track shoppers sparks a federal privacy complaint
Google’s new program to track shoppers sparks a federal
privacy complaint
By Elizabeth Dwoskin, Craig Timberg July 30, 2017 at 9:00
PM
A prominent privacy rights watchdog is asking the Federal
Trade Commission to investigate a new Google advertising program that ties
consumers’ online behavior to their purchases in brick-and-mortar stores.
The legal complaint from the Electronic Privacy
Information Center, to be filed with the FTC on Monday, alleges that Google is
newly gaining access to a trove of highly sensitive information -- the credit
and debit card purchase records of the majority of U.S. consumers -- without
revealing how they got the information or giving consumers meaningful ways to
opt out. Moreover, the group claims that the search giant is relying on a
secretive technical method to protect the data -- a method that should be audited
by outsiders and is likely vulnerable to hacks or other data breaches.
“Google is seeking to extend its dominance from the
online world to the real, offline world, and the FTC really needs to look at
that,” said Marc Rotenberg, the organization’s executive director.
Google called its advertising approach "common"
and said it had "invested in building a new, custom encryption technology
that ensures users' data remains private, secure and anonymous."
The Washington Post detailed Google's program, Store
Sales Measurement, in May.
Executives have hailed it as a “revolutionary”
breakthrough in advertisers’ abilities to track consumer behavior. The company
said that, for the first time, it would be able to prove, with a high degree of
confidence, that clicks on online ads led to purchases at the cash register of
physical stores.
To do this, Google said it had obtained access to the
credit and debit card records of 70 percent of U.S. consumers. It had then developed
a mathematical formula that would anonymize and encrypt the transaction data,
and then automatically match the transactions to the millions of U.S. users of
Google and Google-owned services such as Gmail, search, YouTube and maps. This
approach prevents Google from accessing the credit or debit card data for
individuals.
But the company did not disclose the mathematical formula
it uses to protect consumers' data. In a statement, Google said it had taken
pains to build custom encryption technology that ensures the data the company
receives remains private and anonymous.
The privacy organization is asking the government not to
take Google’s word for it and to review the algorithm itself. In its complaint,
the organization said the mathematical technique that Store Sales Measurement
is based on, CryptDB, has known security flaws. Researchers hacked into a
CryptDB-protected health-care database in 2015, accessing more than 50 percent
of the stored records.
Google also would not disclose which companies were
providing it with the transaction records. When asked if users had consented to
having their credit and debit transactions shared, Google would not
specifically say. The company replied it requires that its unnamed partners
have “the rights necessary” to use this data.
In its complaint, reviewed by The Washington Post, the
privacy group alleges that if consumers don’t know how Google gets its purchase
data, then they cannot make an informed decision about which cards not to use
or where not to shop if they don’t want their purchases tracked. The
organization points out that purchases can reveal medical conditions, religious
beliefs and other intimate information.
Google also told The Post that it does not have access to
the names or other personal information of the credit and debit card users, and
that it does not share any information about individual Google users with
partners.
Advertisers receive aggregate information. For example,
for an ad campaign for sneakers that received 10,000 clicks, the advertiser
learns that 12 percent of the clickers made a purchase.
Users can opt out anytime, Google says. To do so, users
of Google’s products can go to their My Activity Page, click on Activity
Controls, and uncheck “Web and Web Activity,” Google says.
The privacy group says the opt-out settings and the
descriptions of what users are opting out of are confusing and opaque. The
group says the company continues to store server and click data even when Web
and App Activity is turned off, and that to opt out of everything requires a
labyrinthine process of going to a number of third-party sites. Meanwhile,
opting out of location-tracking requires going to a separate button and
interface. None of the opt out descriptions specifically describes credit card
data.
In 2011 and 2012, Google paid multi-million-dollar fines
to settle FTC charges on privacy issues. In 2011, in response to a case brought
by the Electronic Privacy Information Center, Google settled FTC charges that
it used deceptive tactics and violated its own privacy promises when it
launched its social network, Google Buzz. In the 2012 case, for $22.5 million,
Google was charged with misrepresenting its privacy promises to users of
Apple’s Safari browser, who were under the impression that they could opt out
of ad tracking.
Dr Sandeep Nunia is the best peadiatric urology doctor in Jaipur
ReplyDeleteDr Shri Niwash Jangir is the best Insomnia doctor in Jaipur
ReplyDeleteNav Imperial Hospital is the best Orthopeadic surgery hospital in Jaipur
ReplyDeleteThis comment has been removed by the author.
ReplyDelete