
It's Impossible To Opt Out Of Android's Ad Tracking; Max Schrems Aims To Change That

from the another-reason-to-use-apple? dept

Most of the world has been under some form of lockdown for weeks, but that clearly hasn't stopped the indefatigable Austrian privacy expert Max Schrems from working on his next legal action under the EU's GDPR. Last year, he lodged a complaint with the French Data Protection Authority (CNIL) over what he called the "fake consent" that people must give to "cookie banners" in order to access sites. Now he has set his sights on Google's Android Advertising ID, which is present on every Android phone. The new complaint builds on research carried out by the Norwegian Consumer Council, published in the report "Out of control".

Today noyb.eu filed a formal GDPR complaint against Google for tracking users through an "Android Advertising ID" without a valid legal basis. The data collected with this unique tracking ID is passed on to countless third parties in the advertising ecosystem. The user has no real control over it: Google does not allow to delete an ID, just to create a new one.

The Android Advertising ID (AAID) is central to Google's advertising system. It allows advertisers to track users as they move around the Internet, and to build profiles of their interests. Google claims that this "gives users better controls", which is true if people want to receive highly-targeted advertising. But if they wish to opt out of this constant tracking, there is a problem. Although Google allows you to change your AAID, it is not possible to do without it completely: the best you can manage is to get a new one. And as the detailed legal complaint to the Austrian Data Protection Authority (pdf) from Schrems points out, there are multiple ways to link old AAIDs with new ones:

Studies and official investigations have proved that the AAID is stored, shared and, where needed, linked with old values via countless other identifiers such as IP addresses, IMEI codes and GPS coordinates, social media handles, email addresses or phone number, de facto allowing a persistent tracking of Android users.

Schrems' organization None of Your Business (noyb.eu) claims that's unacceptable under the GDPR:

EU Law requires user choice. Under GDPR, the strict European privacy law, users must consent to being tracked. Google does not collect valid "opt-in" consent before generating the tracking ID, but seems to generate these IDs without user consent.

Google's position is weakened by the fact that Apple gives users of its smartphones the ability to opt out of targeted ads; for those using iOS 10 or later, the advertising identifier is replaced with an untrackable string of zeros:

If you choose to enable Limit Ad Tracking, Apple's advertising platform will opt your Apple ID out of receiving ads targeted to your interests, regardless of what device you are using. Apps or advertisers that do not use Apple's advertising platform but do use Apple's Advertising Identifier are required to check the Limit Ad Tracking setting and are not permitted by Apple's guidelines to serve you targeted ads if you have Limit Ad Tracking enabled. When Limit Ad Tracking is enabled on iOS 10 or later, the Advertising Identifier is replaced with a non-unique value of all zeros to prevent the serving of targeted ads. It is automatically reset to a new random identifier if you disable Limit Ad Tracking.

The formal legal complaint was filed on behalf of an Austrian citizen, requesting that the AAID should be deleted permanently. If the action succeeds, that would allow anyone in the EU -- and probably elsewhere -- to do the same. In addition, the complaint points out that under the GDPR, the maximum possible fine, based on 4% of Google's worldwide revenue, would be about €5.94 billion. There's no chance such an unprecedented sum would be imposed, but the fact that every Android user in the EU is forced to use Google's AAID could lead to a fairly hefty fine if Schrems succeeds with his latest legal defense of privacy.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: android, android advertising id, eu, gdpr, max schrems
Companies: google, noyb


Reader Comments



  • Anonymous Coward, 18 May 2020 @ 8:27pm

    Good luck

    It takes someone physically tearing down and re-configuring the network, not another law and court order which they obviously don't care about.


  • Anonymous Coward, 18 May 2020 @ 9:07pm

    If you can be tracked by IMEI codes, why do they need an "Android Advertising ID"?


  • Anonymous Coward, 19 May 2020 @ 4:09am

    "It's Impossible To Opt Out Of Android's Ad Tracking"

    Can they still track my ass when I do not use android?


  • Nurlip, 19 May 2020 @ 6:33pm

    Maybe the final straw in my use of Android..


    • Thad, 20 May 2020 @ 10:25am

      Re:

      I'm an Android user basically by default. I chose Google's surveillance apparatus over Apple's "you don't own your device, we do" ethos. It'd be great to have a third choice, but we don't.

      At least some devices and carriers allow you to run Android variants without Google Services. Unfortunately, I've found that my phone won't connect to my carrier without Google Services, so I'm stuck.


      • PaulT, 20 May 2020 @ 11:28pm

        Re: Re:

        " It'd be great to have a third choice, but we don't."

        Actually you do - Tizen, Plasma, PureOS, Librem, Ubuntu Touch, LineageOS, Kai, etc. Some are in early stages of development, some are simply unknown or unpopular for other reasons, but the choice is most definitely there.

        They're just in the usual catch 22 situation - phones won't be released with an unknown OS by default, and support will be limited after market until the OS is popular, which won't happen until you see phones with the other OS on the shelf. Android got where it is mainly by being a well-known alternative to iOS at a time where one was needed, and it stays there because people know it.


