Arizona AG Sues Google For Location Data Failures, After Telecom Got A Wrist Slap For Far Worse Behavior

from the somebody's-watching-me dept

Two years ago, an investigation by the Associated Press and Princeton computer scientists found that Google services on both Android and Apple routinely continued to track user location data, even when users opted out of such tracking. Even if users paused "Location History," the researchers found that some Google apps still automatically stored time-stamped location data without asking the consumer's consent.

Fast forward two years later, and Arizona Attorney General Mark Brnovich has sued Google for violating the Arizona Consumer Fraud Act over the practice. The lawsuit (pdf), filed in Maricopa County Superior Court, is based off of an investigation begun by Brnovich's office back in 2018. Like the aforementioned AP report, the AG found that Google's settings didn't actually do what they claimed they did in regards to ceasing location data tracking:

"Google told users that "with Location History off, the places you go are no longer stored." But as the AP article revealed, this statement was blatantly false — even with Location History off, Google surreptitiously collects location information through other settings such as Web & App Activity and uses that information to sell ads. At the same time, Google’s disclosures regarding Web & App Activity misled users into believing that setting had nothing to do with tracking user location. Google’s account set-up disclosures made no mention of the fact that location information is collected though Web and App Activity, which is defaulted to “on," until early-to mid-2018."

To be very clear, that's bad. Companies (especially companies that have spent years under fire for privacy abuses) should be transparent about what they're collecting, clearly communicate that to end users, and not try to hide opting out under layers of confusing menus. This is, of course, the kind of stuff that would be thwarted by a very simple privacy law that required transparency, working opt out tools, and included penalties for companies that misled users. You know, the kind of basic rules that were passed by the FCC back in 2016, then immediately demolished by telecom lobbyists thanks to the GOP-controlled Senate one year later, just as they were about to take effect.

In an interview with the Washington Post, Brnovich insists he was eager to send a message that companies aren't "above the law":

"At some point, people or companies that have a lot of money think they can do whatever the hell they want to do, and feel like they are above the law,” Brnovich said. “I wanted Google to get the message that Arizona has a state consumer fraud act. They may be the most innovative company in the world, but that doesn’t mean they’re above the law."

While this is all well and good, and Google certainly deserves penalties for not being transparent about how basic privacy settings work, the lawsuit continues to highlight a bizarre asymmetry in policymakers' concerns about privacy. While Google's failure here was bad, it's a far cry from the location data scandals that recently rocked the telecom sector. There, carriers were found to have been selling access to huge swaths of location data to pretty much any nitwit with a nickel. This data was then repeatedly, aggressively abused, by everybody from law enforcement to folks pretending to be law enforcement, to stalkers.

The scope of those scandals were utterly monumental, yet the punishment was virtually nonexistent. The worst that happened was a performative FCC fine that will likely be litigated down to next to nothing over the next year, then forgotten entirely. Many AGs were utterly absent from that particular dance of dysfunction, despite claims to be eagerly cracking down on companies that are "above the law." There were no lawsuits filed against AT&T, Verizon, or T-Mobile. And while the FCC did finally act, it wound up being little more than a belated wrist slap.

We've noted this bizarre tech and privacy policy asymmetry more than a few times, yet it doesn't seem to really change, with "big tech" getting the lion's share of heat and attention, while adtech, telecom, and other equally problematic sectors routinely engage in the same or worse behaviors yet see far less scrutiny. If we are ever going to craft a meaningful privacy law in the United States (and I remain skeptical that's happening without first seeing an historic scandal well beyond what we've seen already), policymakers are going to need to take a far broader, bird's eye view of the modern privacy problem.

Filed Under: android, arizona, location data, mark brnovich, privacy
Companies: google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Koby (profile), 1 Jun 2020 @ 7:52am

    Local Resident

    Some police departments near where I live deliberately target out-of-towners for speeding tickets. Issuing massive citations against the locals is a good way for the mayor to lose the next election, but out-of-towners don't get to vote.

    So I wonder if the enforcement actions are related to the company presence in the state? Go easy on the local telecom companies, because they provide local jobs, campaign contributions, and they've got lobbyists. But an out of state big tech corporation looks like a big payday from out of state. How much of a local presence has Google established in Arizona? Can they start local branch offices and hire lobbyists to stave off enforcement?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2020 @ 8:28am

    Is his decision to prosecute driven by consumer protection or by political grand standing to advance a political career.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2020 @ 9:02am

    The reason is obvious..

    This data was then repeatedly, aggressively abused, by everybody from law enforcement to folks pretending to be law enforcement, to stalkers.

    No AG is going to take away LEO toys.

    reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 1 Jun 2020 @ 9:09am

    I am convinced we will not see any meaningful progress in the area of privacy until it becomes painfully personal (the prison and permanent poverty kind of painful), first to policymakers and then to the bigwigs of the companies that violate the policies. And, as Karl and others have said, I think this will only start with a scandal of historic proportions, one that hits the policymakers and / or the bigwigs en masse.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2020 @ 9:15am

    These locations being censored ... they are conservative locations aren't they?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2020 @ 10:29am

    but Telecom isn't Google and perhaps Google dont pay as much/enough to those who can make things go away!!

    reply to this | link to this | view in chronology ]

  • icon
    Ben L (profile), 1 Jun 2020 @ 7:39pm

    Google's lawyers are probably already preparing to argue that the precedent set by these wrist slaps is an even weaker slap on the wrist :p

    reply to this | link to this | view in chronology ]

  • icon
    gracejayden (profile), 2 Jun 2020 @ 3:21am

    WELCOME TO YOUR WEBSITE

    Hi Captain Tractors friends, I have uplifting news for you that now you can see the nuances of all Captain Tractors Price in India, Captain Tractors Specifications, Captain Tractors all Model Price with a perfect schedule.

    http://tractors11.bravesites.com/#builder

    reply to this | link to this | view in chronology ]

  • icon
    tz1 (profile), 2 Jun 2020 @ 1:06pm

    Hard to kill the location

    First, you can leave it off (and disable wifi scanning). GPS only will timeout. Or enable "mock locations" and pick an interesting location. Finding "recent location requests" in the Location setting can help. There are apps or something that keep popping up "Can't get location" when I come from the lock screen on Android. One app uses an ad service that wants location and will keep checking in the background when I'm done if I don't explicitly exit the app. A feature phone is better but some have this stuff under the hood.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.