European privacy regulators could take action against Google over location tracking

Google is already being scrutinized in the US for allegedly tracking phone users regardless of their privacy settings, and now the Internet giant could be facing a similar lawsuit in Europe.

European consumer groups have accused Google of breaching the European Union’s new General Data Protection Regulation (GDPR) privacy law which went into effect in May.

Consumer groups in the Czech Republic, Greece, Norway, Slovenia and Sweden all filed complaints with their respective national data protection authorities, asking privacy regulators to take action against the Internet company for breaching the EU’s GDPR law by tracking the movements of millions of smartphone users.

Reuters has the story:

Consumer lobby the European Consumer Organisation (BEUC) alleges that Google uses various methods to encourage users to enable the settings Location History’ and Web & App Activity which are integrated into all Google user accounts.

A Google spokesperson commented:

Location History is turned off by default, and you can edit, delete or pause it at any time. If it’s on, it helps improve services like predicted traffic on your commute.

If you pause it, we make clear that—depending on your individual phone and app settings—we might still collect and use location data to improve your Google experience.

We’re constantly working to improve our controls, and we’ll be reading this report closely to see if there are things we can take on board.

This is a kind of a non-argument that only Google could make, but that doesn’t mean it makes any sense. While Location History is off by default, most Google apps for iOS and Android not only require enabling that feature but Web & App Activity, too.

Both of these features are accessible through your Google dashboard.

The BEUC has called these practices “unfair” as consumers are left in the dark as to how their personal data is being used because Google’s moves are not in compliance with GDPR. The organization doesn’t think Google has a valid legal ground for processing the data in question because users’ consent provided under these circumstances is not freely given.

If found guilty, Google could be slapped with a multi-billion fine based on four percent of its annual revenue. Quartz recently discovered that Android phones are collect and sending encrypted location data back to Google without permission, even when location services are disabled, the user hasn’t used any apps or hasn’t even inserted a SIM card in their phone.

Thoughts?