Australian Regulator Says Google Misled Users Over Data Privacy Issues

Australia's competition regulator on Monday accused Alphabet's Google of misleading consumers to get permission for use of their personal data for targeted advertising, seeking a fine "in the millions" and aiming to establish a precedent. From a report: The move comes as scrutiny grows worldwide over data privacy, with U.S. and European lawmakers recently focusing on how tech companies treat user data. In court documents, the Australian Competition and Consumer Commission (ACCC) accused Google of not explicitly getting consent or properly informing consumers of a 2016 move to combine personal information in Google accounts with browsing activities on non-Google websites. "This change ... was worth a lot of money to Google," said commission chairman Rod Sims. "We allege they've achieved it through misleading behaviour." The change allowed Google to link the browsing behaviour of millions of consumers with their names and identities, providing it with extreme market power, the regulator added. "We consider Google misled Australian consumers about what it planned to do with large amounts of their personal information, including internet activity on websites not connected to Google," Sims said.

Re:How long is this charade going to go on?

[AleRunner]

If something is free to use, YOU are the product. That is the absolute truth. So at what point are the public and litigators going to just accept this common knowledge, and stop pretending they are rubes from the 1950s who got transported to 2020?

That's true, but what are the regulators supposed to do about this? I know of situations where companies have deliberately destroyed paid products in a market in order to force even the customers that were willing to pay onto the advertising supported version. Often there's no alternative. This means privacy and data security can only happen if free products are still forced to follow at least some basic rules. In fact, if you look at Facebook, they almost don't care about the data that you give them yourself. The most valuable data is the data that your "friends" give Facebook about you. It's also the most certain data since they get several different people giving the same data so they know that it's true. Since this is beyond your control the only possible way to deal with it is by regulators regulating privacy and data use by free services.

It's also true that even if you pay that doesn't mean you aren't still actually the main product. It does give you a contractual relationship and change things a small amount but this can normally be got round with terms and conditions which "allow us to share your data with our partners in order to optimise our service delivery to you".

Struth Cobba!

[Gavino]

And stone the crows! Thatâ(TM)s not a knoiyf googel - this is a knoiyff!! Iâ(TM)ll fight ya mate! Cmon Iâ(TM)ll foight ya!!

Why spend the time and money?

[Anonymous Crowded]

This seems really simple: companies get past using your information for profit because there aren't hard rules and penalties. Jurisdictions that are concerned about what they're doing could (and should) come up with a set of regulations like GDPR and pass it. Shove proof of compliance onto the companies and out the rats that were acting against public interest.

You could even just flesh out existing laws with just "common sense" language that's clearly defined, and, again, name and shame the good and th

Re:Why spend the time and money?

[ytene]

GDPR has so many holes you could drive a fleet of buses through them.

In the context of what Google are accused of here, one entry in the "Lawful basis for Processing" list is "If the data subject..." (that's you...) "... has given their consent." So companies get around the GDPR by:-

1. Linking their right to do ANYTHING they want with your data to your desire to use an aspect of their product that you cannot reasonably decline. For example, banks in the EU link "GDPR Permission" to their willingness to give you a bank account. Or a credit card. Want an account? You have no choice but to agree to your terms.

2. Obfuscating what they actually do with your data, which they can legally do in a bunch of ways. For example, they can set up an internal company structure whereby you sign a contract with a paper-thin company that does nothing accept enter agreements with customers... and then other companies in their "group of companies" - with whom they *have* to share data to offer you the service you want - can do pretty much what they want, because it's now an order of magnitude harder to figure out what is going on...

3. Abdicate all responsibility. For example, web companies that have literally hundreds or thousands of companies that *could* serve you ads - and gain compliance by saying, "Not up to us to negotiate with all these third parties, so we'll provide links to all the companies we do business with..." At which point, if you want to opt out of data sharing, it's now on you to go to the hundreds of third parties, navigate their privacy agreements, try and find a way of disabling their spying.


The GDPR was good in principle, but utterly flawed in implementation. Here's a good way to think about this from a "legal" perspective... If, as a private citizen, I were to bug your phone, bug your PC, listen to your telephone calls, monitor what you watch via your net-connected TV, and track your activity all around the internet, I could be charged with stalking, found guilty, then locked up for *years*. Yet all of this and more is done by corporations and citizens are literally powerless to defend against it thanks to something as harmless-looking as a "Terms and Conditions" page. Unless or until privacy legislation puts the data subject on the same legal footing - and with the legal "presumptions" in their favour (i.e. companies have to explicitly secure your permission for each and every different activity to which they apply your data) citizens are going to lose.

For as long as the law-makers accept "campaign contributions", citizens are going to lose. For as long as governments can go to private companies with an NSL and demand all the data the company holds on your (for free), citizens are going to lose.

I'm shocked!

[smooth wombat]

A company whose purpose is to gather other people's data and sell it for profit might have misled people into giving up that data? I'm shocked to hear such shenanigans going on.

Re:

[GregMmm]

I was more shocked that the regulator claims people were misled. What they didn't know?

News Flash: Google wants your personal data to make money...

Next News Flash: Why does Google need access to all my personal data...

Really?

[jenningsthecat]

...seeking a fine "in the millions" and aiming to establish a precedent.

In the first place, any fine less than hundreds of millions is merely lunch money to Google, never mind a cost of doing business. In the second place, a precedent for what, exactly? So you establish a legal framework for fining them again, and do so; at some point they'll just pull out of your little island continent, and you'll discover that you've grown much more reliant on them than they have on you.

Pretty much all of us have made a deal with the Devil by feeding Google until it became so big that both

Much better than a fine

[Alain Williams]

would be insisting that Google remove all of the data that it slurped without user permission. The problem is verifying that Google ever does what the court orders it to do - Google saying "yes we zapped it" will be easy but I would want hard evidence.