Euro consumer groups: We think Android tracking is illegal Seven European consumer organisations have filed a blockbuster complaint arguing that Google's location tracking in Android lacks a valid legal basis in the European Union. At the heart of the complaint is that the user control of location tracking falls far short of what's required by the union's General Data Protection …
"And that's not even considering that every citizen has a voice in choosing its government in a democracy."
They actually don't. Since you're bringing up US politics, in virtually every election, the largest constituent has been those who have abstained as they thought none of the politicians were fit for office. Their voices are however routinely ignored by NPCs.
"At the heart of the complaint is that the user control of location tracking falls far short of what's required by the union's General Data Protection Regulation (GDPR)"
Who'd have thought that providing a control that claims to stop location tracking without actually stopping location tracking would have been objectionable?
If you are some paranoid nutter that cares about this sort of thing, then don't turn it on. If you do. You can permently pause it, and if you want to delete all the previously collected data, you can also do so. If only Apple did ANY of this. With iPhone location tracking, it's mandatory with no option to turn it off, it's part of using the iPhone agreement and used to improve apple maps, and the data may be shared with partners. Go read the apple privacy policy.
The Google settings are pretty reasonable, if you don't like them, don't use them. I find it handy for time billing. Knowing where I was when
You are preaching to the wrong crowd brother. Seriously, if you are so utterly and personally inept at life stuff that you need Google to help you with this "I find it handy for time billing. Knowing where I was when" then you really do get what you deserve.
The rest of us... I think we'd be just as happy without all of the subliminal tracking and data slurping thanks.
"
If you are some paranoid nutter that cares about this sort of thing, then don't turn it on
"
Paranoid? I may well want to use it for some things, but if you leave it on all the time it means that potentially anyone could get hold of your location history since you started carrying a Google device around with you. Maybe you think that's harmless - but what happens when your insurance goes up because they see that you regularly drive on statistically more dangerous roads, or visit places that are deemed a "lifestyle risk"? Or your employer can look to see where you went on that day you said you were sick (but really went to a job interview), or your nutty ex uses it to follow you around, or a burglar uses it to ensure that all household members a far away?
The correct way would be to leave it off unless I start using an application where I specifically want it to know my location.
"The correct way would be to leave it off unless I start using an application where I specifically want it to know my location."
When you buy a phone you should be able to use its location features without sharing your location to advertiser's and without being tricked into doing so by deceptive wording.
If you accept Google being tricky you hand too much power to them in return for to little to consumers. The more power Google have, the more money they take from you via the advertising costs that form part of the price of what you buy.
If Google give you a location tool in return for location data and you are fairly informed about the cost benefit this is deemed ok by GDPR. This is not the case because you are not faily informed. Neither the cost nor what you get in return. s. I don't think consumers are aware of the hidden cost of Google's tracking to product prices so I support the EU govt fighting on our behalf.
All Google have to do to comply is be honest.
If they are incapable of honest trading they should be fined.
To be fair paused=off in that sense. if it renamed it to off it would still do the same thing just have a different name. It doesn't automatically re-enable itself after a set period of time for instance.
You pause the location history on the dashboard, but that doesn't mean Google can't track you.
By naming it 'pause' instead of 'off', it's probably the one thing Google are (slightly) honest about.
No, location history cannot be turned off on the device.
It is a setting of the user's account under Web and only available through the online account management through the web browser. And you can only pause it, you cannot turn it off.
If you turn off tracking on the phone, it does not affect location history.
The Anonymous Coward is talking utter horsecrap.
There are two location histories, you can only turn one of them off, and that makes no difference whatsoever to Google's ability to track your location history.
Sorry to say it BUT, all you are doing is just pausing the software, NOT stopping it. With Google you have no say with their software, it is in their terms and conditions. Basically there are no free lunches while Google is around.
Possibly worth pointing out that there is a little message at the bottom of this page that says:
We use cookies to improve performance, for analytics and for advertising. You can manage your preferences at any time by visiting our cookie policy.
If you vist the cookie policy page, you'll find 7 separate places where you are told you may opt out, 3 of them belong to Google and some of the others seem merely lead to lengthy expositions of privacy policy with hard-to-find allusions to opting-out. And those opt-outs almost inevitably will involve other cookies being stored. So, kettle, pot, etc.
The real problem is that there still isn't any real alternative to advertising to fund Internet services and it's not clear people would want to use one that involved actual money. Perhaps leaning on Google over privacy might encourage them to find a way.
The basic fault with all these "GDPR updated" cookie policies is that they are all still opt-out in best case and more often just some advise on how you can dive down into your browser's cookie mgmt to clean up after each visit. So it's a looong way to opt-in based on the GDPR grouping cookies. And we still have the old "By continuing [whatever actions] you consent to our cookie policy".
Some "4%" fines are really needed.
"The real problem is that there still isn't any real alternative to advertising to fund Internet services"
The real problem is the insistence of the ad companies to engage in ubiquitous surveillance as part of their business model. You can absolutely do advertising without spying on everybody, it's just less lucrative.
That said, if the ad companies cannot do advertising without spying, then I say let them all die. The internet got along fine before advertising, and it will get along fine (in very many ways, a whole lot better) without it now.
Also, the notion that it's "advertising or nothing" is a false choice. There is a whole spectrum of other means of raising revenue.
"Perhaps leaning on Google over privacy might encourage them to find a way."
That will not happen. Google's entire reason for being is to gather as much data as possible and use it to serve up ads. Saying that they might find another way is no different than saying that they might find a way to go out of business. Google is an advertising company, after all.
That said, if the ad companies cannot do advertising without spying
Well - there's just been a case in France where the regulator found that how the ad industry collects and tracks information (and obtains consent to do so) is illegal under the GDPR because they bundle many services together under on banner so "informed consent" isn't obtained for each usage.
Which means that ad brokers and exchanges are, in fact, illegal[1] as currently constituted in Europe.
Which is a Good Thing(TM).
[1] Well - the data collection and retention is illegal. And without the data, the current methods of ad real-time-bidding doesn't work - so essentially, all the ad exchanges involved would go out of business. Which is a Very Very Good Thing(TM)
"The real problem is the insistence of the ad companies to engage in ubiquitous surveillance as part of their business model. You can absolutely do advertising without spying on everybody, it's just less lucrative."
I'm not even sure about that. In the old days of dead-tree publications, there was no ad tracking, everyone saw the same ads. That was actually a lot more lucrative. People actually bought local newspapers etc to look at the ads, and if you had an advert in a newspaper, that meant you were a big trustworthy company. Now it seems to mean you are a bottom-feeding, clickbaity scammer.
"You can absolutely do advertising without spying on everybody, it's just less lucrative."
Need a citation for that - on a specialist site like "the register" then surely knowing its content and therefore its intended audience is enough to know what ads to run. You don't need to track/personalise/etc me to show me an ad.
They can still make their megabucks advertising. It's only the "personalised" advertising that would be curtailed. They get premium rates for such ads, but I'm sure they can figure out how to charge enough to keep the electrons flowing for ads based on currently deprecated data like the actual search phrase entered into google or maps.
But it doesn't have to be targeted. To be honest, I've disabled all tracking on my devices - to the extent that I have around 45,000 tracking domains set to 0.0.0.0 (unroutable) in my hosts file and the quality of the ads hasn't suffered, in fact it has improved, I get random ads instead of ads for products I've already bought.
The problem with hosts files is they don't allow wildcards. So when they point to you a dynamically made up server name, ie a43c56.adhack.com, it won't match. There are two better ways to do it. You can do wildcard matching in a proxy.pac file. You can create your own internal dns server, and create fake zone files that point *.doubleclick.net to 0.0.0.0. I like the second one because it automatically applies to all of my devices, tablets, phones, etc on the local network.
Yes, I did the same thing when I read this story. First of all I couldn't find their privacy policy anywhere - no links to it until i realised it was hidden under the "cookie policy banner". Then it incorrectly uses the stupidly titled exemption of "legitimate business interests" which absolutely does not mean "as long as we want to do it we can".
Then there is no free consent given and no single place to easily opt out (opting out is subcontracted to the providers)
The privacy policy says "As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies"
"The Register may collect, process and use your personal data (including your name, postal address, email address, telephone number, mobile number and technical data including your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website"
"We may transfer your personal data outside the European Economic Area (EEA)."
I'd say that the bigger issue on Android is spyware apps and libraries that are hidden, can not be disabled by normal means, and can not be prevented from running in the background. These usually operate under the excuse of offering weather services, lockscreen themes, app usage feedback, local news, marketing feedback, cloud sync, and various feed updates. Their primary goal is to periodically make a query that reveals GPS, IP address, phone ID, and phone status. Even if GPS is off, the IP address can be correlated with other phone requests where GPS was on.
Check your cellular data usage. Notice how there are 10+ apps on Android using background data for no good reason. Apps that don't even use the Internet, like games and launchers, are using cell data in the background "for marketing feedback."
"Check your cellular data usage. Notice how there are 10+ apps on Android using background data for no good reason."
There aren't any such apps on my phone! But then, I use a firewall (as everyone should) to ensure that no apps (or the OS itself) can communicate without my permission, I'm VERY cautious about what apps I will install, and I keep the fewest number of apps installed that I can.
"But then, I use a firewall (as everyone should) to ensure that no apps (or the OS itself) can communicate without my permission"
You do realize that even apps fully firewalled from any network access are completely free to load a webpage in a browser window for you (and it will be the browser doing the net access, not them)...? And that in that process they are able to send whatever data they feel like to the server they load? And that you won't necessarily _see_ said page at all...?
You've obviously not used this kind of firewall.
What's being talked about here is an outgoing firewall where the user is typically asked to permit or block each individual network connection as it is requested (by the operating system, or an app, or JavaScript inside a web page). So loading a page in a browser could result in several prompts requesting connections to different domains - ad servers, tracking servers etc. and you can choose which succeed and which are blocked.
Now that's a bit chatty so you can usually set up permanent rules to allow or block. Really effective for removing adverts and usurping tracking attempts.
"You do realize that even apps fully firewalled from any network access are completely free to load a webpage in a browser window for you (and it will be the browser doing the net access, not them)...?"
Of course! But web access is firewalled off too, so that doesn't matter.
I've recently bought a bluetooth widget (NIX colorimeter) and for the app to talk to the device you have to give it permission to access location. WTF ? Why does it need location permission to talk to a bluetooth device ?
"Why does it need location permission to talk to a bluetooth device ?"
This is because Bluetooth can be used to determine location. From the Android developer's guide:
A location permission is required because Bluetooth scans can be used to gather information about the location of the user. This information may come from the user's own devices, as well as Bluetooth beacons in use at locations such as shops and transit facilities.
This highlights a pretty serious problem with the Android permission scheme -- it's too coarse and some of the permissions are required for unexpected reasons. I've been wishing that they'd fix this whole mess from the first time that I was exposed to it.
Requiring location permission to use Bluetooth is understandable from one point of view, but it makes little sense in the larger scheme of things -- if the permission is required for the reason they cite, then the permission would logically be required for a whole host of other things as well, none of which are more than tangentially related to location. Requiring this permission for such a wide array of things renders the permission a bit pointless, as users will rapidly learn they have to just accept it in order to do most of what they want to do.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
