back to article Euro consumer groups: We think Android tracking is illegal

Seven European consumer organisations have filed a blockbuster complaint arguing that Google's location tracking in Android lacks a valid legal basis in the European Union. At the heart of the complaint is that the user control of location tracking falls far short of what's required by the union's General Data Protection …

  1. DavCrav

    "Ironically, nudging and "dark patterns" of design were once enthusiastically endorsed by governments, legitimising the techniques of manipulation."

    The government imprisons people as well, but this isn't legitimizing the idea of kidnapping.

    1. Anonymous Coward
      Anonymous Coward

      And that's not even considering that every citizen has a voice in choosing its government in a democracy.

      Comparing Google to Obama is weird, at best: he was elected, did two terms, then was replaced by somebody with a completely different agenda.

      Google? Not so much.

      1. Anonymous Coward
        Anonymous Coward

        >Comparing Google to Obama is weird

        This is Andrew - he seems to have a hard-on against both.

        1. Ian Michael Gumby
          Big Brother

          >Comparing Google to Obama is weird

          This is Andrew - he seems to have a hard-on against both.

          And rightly so.

          Both did 'evil' while claiming to 'do no evil'.

      2. Anonymous Coward
        Anonymous Coward

        "And that's not even considering that every citizen has a voice in choosing its government in a democracy."

        Tell that to the 52%

      3. muhfugen

        "And that's not even considering that every citizen has a voice in choosing its government in a democracy."

        They actually don't. Since you're bringing up US politics, in virtually every election, the largest constituent has been those who have abstained as they thought none of the politicians were fit for office. Their voices are however routinely ignored by NPCs.

        1. Anonymous Coward
          Anonymous Coward

          "And that's not even considering that every citizen has a voice in choosing its government in a democracy."

          They may have a voice but seeing as Hilary Clinton got more votes than Donald Trump, it doesn't necessarily mean that every vote counts.

  2. Anonymous Coward
    Anonymous Coward

    "Google invokes for personalised advertising (behavioural targeting)."

    Google invokes for personalised advertising (showing ads for stuff you've already bought and places ytou already know about).

    TFTFY

  3. frank 3

    And maps complains every 30s if you don't allow it access to body sensors and your phone contacts.

    Google is taking the pish, so good to see this suit.

    1. Throatwarbler Mangrove Silver badge

      Do what I do

      Take a screenshot of the error and then report it as a bug to the Maps team. Maybe they'll eventually get the point.

    2. joeW

      What version are you running? Maps has access to neither body sensors nor contacts on my phone and works fine.

      1. Anonymous Coward
        Anonymous Coward

        Nor mine. I can see that in the manifest it may ask for Camera, Contacts, Location, Microphone, SMS and Storage. The only one it has asked me for so far is Location.

        It hasn't bugged me once for any of the others yet.

        1. IceC0ld

          We think [Android] sry Google tracking is illegal

          It hasn't bugged me once for any of the others yet.

          ===

          YET ........................

          1. Anonymous Coward
            Anonymous Coward

            Re: We think [Android] sry Google tracking is illegal

            "YET ........................"

            Well something that hasn't bugged me for 10years .....YET..... I can live with.

  4. JohnFen

    Who'd have thought?

    "At the heart of the complaint is that the user control of location tracking falls far short of what's required by the union's General Data Protection Regulation (GDPR)"

    Who'd have thought that providing a control that claims to stop location tracking without actually stopping location tracking would have been objectionable?

  5. Anonymous Coward
    Anonymous Coward

    There is no real option to turn off Location History once it has been enabled;

    Utter horsecrap. It's configured on a per-device basis, and defaults to off. Whatever happened to fact checking before running with a story?

    End of story.

    1. Ken Hagan Gold badge

      Re: There is no real option to turn off Location History once it has been enabled;

      https://www.schneier.com/blog/archives/2018/08/google_tracks_i.html

    2. Danny 14

      Re: There is no real option to turn off Location History once it has been enabled;

      did you even read your own title? whatever the default, switch it ON then attempt to switch it off. You cant as there is no off. It is either doesnt exist, on or paused.

      1. Anonymous Coward
        Anonymous Coward

        Re: There is no real option to turn off Location History once it has been enabled;

        If you are some paranoid nutter that cares about this sort of thing, then don't turn it on. If you do. You can permently pause it, and if you want to delete all the previously collected data, you can also do so. If only Apple did ANY of this. With iPhone location tracking, it's mandatory with no option to turn it off, it's part of using the iPhone agreement and used to improve apple maps, and the data may be shared with partners. Go read the apple privacy policy.

        The Google settings are pretty reasonable, if you don't like them, don't use them. I find it handy for time billing. Knowing where I was when

        1. Aristotles slow and dimwitted horse

          Re: There is no real option to turn off Location History once it has been enabled;

          You are preaching to the wrong crowd brother. Seriously, if you are so utterly and personally inept at life stuff that you need Google to help you with this "I find it handy for time billing. Knowing where I was when" then you really do get what you deserve.

          The rest of us... I think we'd be just as happy without all of the subliminal tracking and data slurping thanks.

        2. Cynic_999

          Re: There is no real option to turn off Location History once it has been enabled;

          "

          If you are some paranoid nutter that cares about this sort of thing, then don't turn it on

          "

          Paranoid? I may well want to use it for some things, but if you leave it on all the time it means that potentially anyone could get hold of your location history since you started carrying a Google device around with you. Maybe you think that's harmless - but what happens when your insurance goes up because they see that you regularly drive on statistically more dangerous roads, or visit places that are deemed a "lifestyle risk"? Or your employer can look to see where you went on that day you said you were sick (but really went to a job interview), or your nutty ex uses it to follow you around, or a burglar uses it to ensure that all household members a far away?

          The correct way would be to leave it off unless I start using an application where I specifically want it to know my location.

          1. teknopaul

            Re: There is no real option to turn off Location History once it has been enabled;

            "The correct way would be to leave it off unless I start using an application where I specifically want it to know my location."

            When you buy a phone you should be able to use its location features without sharing your location to advertiser's and without being tricked into doing so by deceptive wording.

            If you accept Google being tricky you hand too much power to them in return for to little to consumers. The more power Google have, the more money they take from you via the advertising costs that form part of the price of what you buy.

            If Google give you a location tool in return for location data and you are fairly informed about the cost benefit this is deemed ok by GDPR. This is not the case because you are not faily informed. Neither the cost nor what you get in return. s. I don't think consumers are aware of the hidden cost of Google's tracking to product prices so I support the EU govt fighting on our behalf.

            All Google have to do to comply is be honest.

            If they are incapable of honest trading they should be fined.

      2. Anonymous Coward
        Anonymous Coward

        Re: There is no real option to turn off Location History once it has been enabled;

        To be fair paused=off in that sense. if it renamed it to off it would still do the same thing just have a different name. It doesn't automatically re-enable itself after a set period of time for instance.

        1. Dan 55 Silver badge

          Re: There is no real option to turn off Location History once it has been enabled;

          To be fair paused=off in that sense. if it renamed it to off it would still do the same thing just have a different name. It doesn't automatically re-enable itself after a set period of time for instance.

          You pause the location history on the dashboard, but that doesn't mean Google can't track you.

          By naming it 'pause' instead of 'off', it's probably the one thing Google are (slightly) honest about.

    3. big_D Silver badge

      Re: There is no real option to turn off Location History once it has been enabled;

      No, location history cannot be turned off on the device.

      It is a setting of the user's account under Web and only available through the online account management through the web browser. And you can only pause it, you cannot turn it off.

      If you turn off tracking on the phone, it does not affect location history.

    4. katrinab Silver badge
      Flame

      Re: There is no real option to turn off Location History once it has been enabled;

      The Anonymous Coward is talking utter horsecrap.

      There are two location histories, you can only turn one of them off, and that makes no difference whatsoever to Google's ability to track your location history.

    5. Peconet57

      Re: There is no real option to turn off Location History once it has been enabled;

      Sorry to say it BUT, all you are doing is just pausing the software, NOT stopping it. With Google you have no say with their software, it is in their terms and conditions. Basically there are no free lunches while Google is around.

    6. Tomato42

      Re: There is no real option to turn off Location History once it has been enabled;

      yes, because being asked to enable it every fucking time you use an app that uses GPS is very convenient and totally not strong-arming the user to surrender their privacy /s

  6. Warm Braw

    The user has no freedom but to consent

    Possibly worth pointing out that there is a little message at the bottom of this page that says:

    We use cookies to improve performance, for analytics and for advertising. You can manage your preferences at any time by visiting our cookie policy.

    If you vist the cookie policy page, you'll find 7 separate places where you are told you may opt out, 3 of them belong to Google and some of the others seem merely lead to lengthy expositions of privacy policy with hard-to-find allusions to opting-out. And those opt-outs almost inevitably will involve other cookies being stored. So, kettle, pot, etc.

    The real problem is that there still isn't any real alternative to advertising to fund Internet services and it's not clear people would want to use one that involved actual money. Perhaps leaning on Google over privacy might encourage them to find a way.

    1. OhThatGuy

      Re: The user has no freedom but to consent

      The basic fault with all these "GDPR updated" cookie policies is that they are all still opt-out in best case and more often just some advise on how you can dive down into your browser's cookie mgmt to clean up after each visit. So it's a looong way to opt-in based on the GDPR grouping cookies. And we still have the old "By continuing [whatever actions] you consent to our cookie policy".

      Some "4%" fines are really needed.

    2. JohnFen

      Re: The user has no freedom but to consent

      "The real problem is that there still isn't any real alternative to advertising to fund Internet services"

      The real problem is the insistence of the ad companies to engage in ubiquitous surveillance as part of their business model. You can absolutely do advertising without spying on everybody, it's just less lucrative.

      That said, if the ad companies cannot do advertising without spying, then I say let them all die. The internet got along fine before advertising, and it will get along fine (in very many ways, a whole lot better) without it now.

      Also, the notion that it's "advertising or nothing" is a false choice. There is a whole spectrum of other means of raising revenue.

      "Perhaps leaning on Google over privacy might encourage them to find a way."

      That will not happen. Google's entire reason for being is to gather as much data as possible and use it to serve up ads. Saying that they might find another way is no different than saying that they might find a way to go out of business. Google is an advertising company, after all.

      1. CrazyOldCatMan Silver badge

        Re: The user has no freedom but to consent

        That said, if the ad companies cannot do advertising without spying

        Well - there's just been a case in France where the regulator found that how the ad industry collects and tracks information (and obtains consent to do so) is illegal under the GDPR because they bundle many services together under on banner so "informed consent" isn't obtained for each usage.

        Which means that ad brokers and exchanges are, in fact, illegal[1] as currently constituted in Europe.

        Which is a Good Thing(TM).

        [1] Well - the data collection and retention is illegal. And without the data, the current methods of ad real-time-bidding doesn't work - so essentially, all the ad exchanges involved would go out of business. Which is a Very Very Good Thing(TM)

      2. katrinab Silver badge

        Re: The user has no freedom but to consent

        "The real problem is the insistence of the ad companies to engage in ubiquitous surveillance as part of their business model. You can absolutely do advertising without spying on everybody, it's just less lucrative."

        I'm not even sure about that. In the old days of dead-tree publications, there was no ad tracking, everyone saw the same ads. That was actually a lot more lucrative. People actually bought local newspapers etc to look at the ads, and if you had an advert in a newspaper, that meant you were a big trustworthy company. Now it seems to mean you are a bottom-feeding, clickbaity scammer.

      3. DaLo

        Re: The user has no freedom but to consent

        "You can absolutely do advertising without spying on everybody, it's just less lucrative."

        Need a citation for that - on a specialist site like "the register" then surely knowing its content and therefore its intended audience is enough to know what ads to run. You don't need to track/personalise/etc me to show me an ad.

    3. lowwall

      That's not a real problem

      They can still make their megabucks advertising. It's only the "personalised" advertising that would be curtailed. They get premium rates for such ads, but I'm sure they can figure out how to charge enough to keep the electrons flowing for ads based on currently deprecated data like the actual search phrase entered into google or maps.

      1. Danny 14

        Re: That's not a real problem

        web ads? havent seen those in ages.

    4. big_D Silver badge

      Re: The user has no freedom but to consent

      But it doesn't have to be targeted. To be honest, I've disabled all tracking on my devices - to the extent that I have around 45,000 tracking domains set to 0.0.0.0 (unroutable) in my hosts file and the quality of the ads hasn't suffered, in fact it has improved, I get random ads instead of ads for products I've already bought.

      1. Peconet57

        Re: The user has no freedom but to consent

        Interesting. I will have to try that out sometime.

      2. doke

        Re: The user has no freedom but to consent

        The problem with hosts files is they don't allow wildcards. So when they point to you a dynamically made up server name, ie a43c56.adhack.com, it won't match. There are two better ways to do it. You can do wildcard matching in a proxy.pac file. You can create your own internal dns server, and create fake zone files that point *.doubleclick.net to 0.0.0.0. I like the second one because it automatically applies to all of my devices, tablets, phones, etc on the local network.

    5. Anonymous Coward
      Anonymous Coward

      Re: The user has no freedom but to consent

      Yes, I did the same thing when I read this story. First of all I couldn't find their privacy policy anywhere - no links to it until i realised it was hidden under the "cookie policy banner". Then it incorrectly uses the stupidly titled exemption of "legitimate business interests" which absolutely does not mean "as long as we want to do it we can".

      Then there is no free consent given and no single place to easily opt out (opting out is subcontracted to the providers)

      The privacy policy says "As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies"

      "The Register may collect, process and use your personal data (including your name, postal address, email address, telephone number, mobile number and technical data including your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website"

      "We may transfer your personal data outside the European Economic Area (EEA)."

  7. Kevin McMurtrie Silver badge
    Black Helicopters

    Spyware ecosystem

    I'd say that the bigger issue on Android is spyware apps and libraries that are hidden, can not be disabled by normal means, and can not be prevented from running in the background. These usually operate under the excuse of offering weather services, lockscreen themes, app usage feedback, local news, marketing feedback, cloud sync, and various feed updates. Their primary goal is to periodically make a query that reveals GPS, IP address, phone ID, and phone status. Even if GPS is off, the IP address can be correlated with other phone requests where GPS was on.

    Check your cellular data usage. Notice how there are 10+ apps on Android using background data for no good reason. Apps that don't even use the Internet, like games and launchers, are using cell data in the background "for marketing feedback."

    1. JohnFen

      Re: Spyware ecosystem

      "Check your cellular data usage. Notice how there are 10+ apps on Android using background data for no good reason."

      There aren't any such apps on my phone! But then, I use a firewall (as everyone should) to ensure that no apps (or the OS itself) can communicate without my permission, I'm VERY cautious about what apps I will install, and I keep the fewest number of apps installed that I can.

      1. Danny 14

        Re: Spyware ecosystem

        same. first thing i do is root and droidwall etc.

      2. DropBear

        Re: Spyware ecosystem

        "But then, I use a firewall (as everyone should) to ensure that no apps (or the OS itself) can communicate without my permission"

        You do realize that even apps fully firewalled from any network access are completely free to load a webpage in a browser window for you (and it will be the browser doing the net access, not them)...? And that in that process they are able to send whatever data they feel like to the server they load? And that you won't necessarily _see_ said page at all...?

        1. Gonzo wizard

          Re: Spyware ecosystem

          You've obviously not used this kind of firewall.

          What's being talked about here is an outgoing firewall where the user is typically asked to permit or block each individual network connection as it is requested (by the operating system, or an app, or JavaScript inside a web page). So loading a page in a browser could result in several prompts requesting connections to different domains - ad servers, tracking servers etc. and you can choose which succeed and which are blocked.

          Now that's a bit chatty so you can usually set up permanent rules to allow or block. Really effective for removing adverts and usurping tracking attempts.

        2. JohnFen

          Re: Spyware ecosystem

          "You do realize that even apps fully firewalled from any network access are completely free to load a webpage in a browser window for you (and it will be the browser doing the net access, not them)...?"

          Of course! But web access is firewalled off too, so that doesn't matter.

  8. Snowy Silver badge
    Flame

    Also consider Bluetooth

    In order for Bluetooth to work on a an Android device you have to turn on location services, what one has to do with the other is a mystery to me

    1. Danny 14

      Re: Also consider Bluetooth

      ? i dont have location or tracking enabled and I use bluetooth. What shady build are you using?

      1. SImon Hobson Bronze badge

        Re: Also consider Bluetooth

        I've recently bought a bluetooth widget (NIX colorimeter) and for the app to talk to the device you have to give it permission to access location. WTF ? Why does it need location permission to talk to a bluetooth device ?

        1. JohnFen

          Re: Also consider Bluetooth

          "Why does it need location permission to talk to a bluetooth device ?"

          This is because Bluetooth can be used to determine location. From the Android developer's guide:

          A location permission is required because Bluetooth scans can be used to gather information about the location of the user. This information may come from the user's own devices, as well as Bluetooth beacons in use at locations such as shops and transit facilities.

          This highlights a pretty serious problem with the Android permission scheme -- it's too coarse and some of the permissions are required for unexpected reasons. I've been wishing that they'd fix this whole mess from the first time that I was exposed to it.

          Requiring location permission to use Bluetooth is understandable from one point of view, but it makes little sense in the larger scheme of things -- if the permission is required for the reason they cite, then the permission would logically be required for a whole host of other things as well, none of which are more than tangentially related to location. Requiring this permission for such a wide array of things renders the permission a bit pointless, as users will rapidly learn they have to just accept it in order to do most of what they want to do.

          1. eldakka

            Re: Also consider Bluetooth

            Requiring this permission for such a wide array of things renders the permission a bit pointless, as users will rapidly learn they have to just accept it in order to do most of what they want to do.

            Exactly the point of it methinks.

            They are training you to press the 'accept' button on location tracking, so that you will just automatically accept it when a popup that matters prompts for it.

            1. Anonymous Coward
              Anonymous Coward

              Re: Also consider Bluetooth

              "They are training you to press the 'accept' button on location tracking, "

              Oh boy, this is tinfoil hat time. It serves as a warning from Google that this app is using something that may be able to track you and you have to agree to that. Web Beacons can be used for tracking very easily and in some areas are quite prevalent.

              Therefore Google can either make you think you aren't being tracked because you only have Bluetooth on due to an app needing access to it and then they get headlines saying "apps are utilising a loophole in bluetooth to allow tracking" or they know that by allowing bluetooth access on an app they can track using that so you must also give permission for that as well. You don't need to allow that app to have access to GPS to use bluetooth!

              1. JohnFen

                Re: Also consider Bluetooth

                " It serves as a warning from Google that this app is using something that may be able to track you and you have to agree to that."

                Yes, that's the intention. But because the Android permissions system is so utterly awful, that's not the effect. The actual effect is that users are encouraged to ignore the permissions request and just allow everything.

                The problem with the Bluetooth-related locations permission is that it's too coarse, as using the permission in that way means that the permission will be asked for with the majority of apps, whether they engage in location tracking or not. That's training people to just click "accept" without thinking.

                A better way to do it is to make the location permission required for apps that actually use location services (which is what users assume it means, even though it doesn't), and have a different mechanism to warn users about possible loopholes. For using Bluetooth, for example, rather than asking for location permission (which is a misleading thing to do), it would be better to just put up a warning that apps that can access Bluetooth could leverage that access to determine your location.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Also consider Bluetooth

                  "A better way to do it is to make the location permission required for apps that actually use location services (which is what users assume it means, even though it doesn't), and have a different mechanism to warn users about possible loopholes"

                  But it is not really possible to tell whether an app is using Bluetooth for location tracking or for just connecting to a peripheral. So by giving a 'warning' what you are actually suggesting in your comment is that is so people can safely ignore it as it isn't relevant. So the app that does do tracking via Bluetooth, or worse pretends it is a peripheral connector but is actually gathering tracking data and reselling it gets let off the hook because they know most people will ignore the warning. That's why you have to explicitly allow location tracking as it makes you think about those risks and agree to them.

                  1. JohnFen

                    Re: Also consider Bluetooth

                    " So by giving a 'warning' what you are actually suggesting in your comment is that is so people can safely ignore it as it isn't relevant."

                    This is true, but what is the alternative? Google's approach has the exact same problem, except that it is encouraging people to ignore a permission that, in other circumstances, has a more urgent meaning.

                    The point of my suggestion is to both eliminate the confusion that the current permission causes, and to try to avoid encouraging people to simply accept all permissions because they're always asked for no matter what anyway.

    2. JohnFen

      Re: Also consider Bluetooth

      Bluetooth works fine for me without having location services turned on...

      1. Bent Metal

        Re: Also consider Bluetooth

        Garmin Connect - for all that nice fitness / activity tracking gear - won't even consider syncing to your Garmin device without Location turned on.

        1. Anonymous Coward
          Anonymous Coward

          Re: Also consider Bluetooth

          "Garmin Connect" is a prime example of software requiring more information than is necessary for it's function.

          If you ask Garmin support on the phone about the use of it's adult smart watches by children, they say yes, they're fine for children. If you then buy one, you discover that the only way to use a lot of the devices functionality (like keeping accurate time) is to either lie about the child's age, or create your an account with your own details, and couple the device to that.

          I'm not about to teach my child to lie, so Garmin have some exercise stats which will indicate that I have mid morning playtime and weekly PE lessons. Isn't irony something you do to your shirties?

          For some reason the kids versions of the smart watches are partially crippled.

          1. Dan 55 Silver badge

            Re: Also consider Bluetooth

            On the contrary, I think the first thing you should do when it comes to slurpy services is teach your kid to lie, and explain why.

    3. Anonymous Coward
      Anonymous Coward

      Re: Also consider Bluetooth

      As Bluetooth beacons, wifi, GPS and cellular data are all used to track someone position, all of them now work together, and are dangerous from a privacy perspective.

      Obviously there could be legitimate uses - i.e. those applications that use GPS to map last Bluetooth communications to help you find your car could be OK - as long as the data stays on the phone and is not transmitted and stored to the mothership.

      1. JohnFen

        Re: Also consider Bluetooth

        "and are dangerous from a privacy perspective."

        Yes. This is a major part of why I generally don't allow apps to communicate to the outside world -- apps can gather all sorts of sensitive information without your knowledge, and the Android permissions system is essentially worthless in terms of helping to mitigate that.

        So my second-to-final defense is to firewall all apps off, so that even if they're collecting information, they can't send it anywhere. (My final defense is that all communications to/from my phone goes through a VPN to my home server, where my router and firewall rules can be a bit more comprehensive.)

    4. rmason

      Re: Also consider Bluetooth

      @Snowy, on your android device perhaps, but not on any of the (probably hundreds) I've seen used or supported over the years.

      the only thing i've seen that comes close to that is some of the fitbit style things want BT and location on to do their "sync" thing and then they're perfectly happy without location.

      This is only needed if you let the fitbit battery die for example. It will ask for location and bluetooth to sync but that's the fitbit app, not android, doing the asking.

  9. Down not across

    Generous Google

    "We're constantly working to improve our controls, and we'll be reading this report closely to see if there are things we can must take on board," Google told Reuters.

    FTFY

    1. Tromos

      Re: Generous Google

      The entire problem is that they take EVERYTHING on board.

  10. The Nazz

    Extending the fines?

    Genuine question, as i'm wholly unknowledgable ( and too lazy to google ) on matters regarding GDPR.

    Are the 4% fines levied on both Google AND the advertisers (agencies and brands) in such breaches?

    If not they ought to be. Legitimate businesses would soon change their ways if they were also fined for unwelcome adverts finding there way to me and others.

    1. Anonymous Coward
      Anonymous Coward

      "Are the 4% fines levied on both Google AND the advertisers"

      GDPR is about data "controllers" and "processors":

      https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en

      Both can be fined if they don't abide to the rules - but an advertiser may be none of them, as they can never gather, store or process personal data. For example, if Google lets you chose a target (say "single white male nerd between 30 and 40, living in a city > 100,000, income above X, good credit score, Star Wars fan, buys online"), and Google does the targeting, the advertiser never see the actual personal data. so it isn't nor the controller nor the processor - Google is both.

      If, as in the CA scandal, data are actually transferred, both can be fined.

      However, GDPR is not a law against the advertising industry - it's to protect personal data.

      Evidently, the slant the ads industry took in the past years toward targeted behavioral advertisement (plus using "influencers" to hide the ad origin...) is built on data hoarding, and won't work well without it.

      1. Joeyjoejojrshabado

        Re: "Are the 4% fines levied on both Google AND the advertisers"

        "Google does the targeting, the advertiser never see the actual personal data. so it isn't nor the controller nor the processor - Google is both."

        Technically, Google is just the controller in the example you give, there is no processor.

        The controller is responsible for compliance with the principles of processing of personal data under it's control. If an processor were acting on Google's behalf, it would act only on Google's instruction, so the big G carries the can (unless the processor acts outside of those instructions).

        It would be more likely if there were sharing of identifiable information with an advertiser, that both are controllers (rather than controller-processor) and so both are equally responsible for their own processing activities.

        I agree, the business models that ad industry and consumer web services like Google have put in place are heavily dependent on data slurping. When regulation under GDPR and other DP laws start to have an effect, they may use that to move to a more freemium type of model for some services, or charge more for products e.g. Android devices, if that source of revenue is to be undercut.

        1. Anonymous Coward
          Anonymous Coward

          "Technically, Google is just the controller in the example you give, there is no processor."

          That depends on the structure of Google - i.e. if the collecting and processing entities are legal entities on their own or not - i.e. what separation may still exists between Google and DoubleClick.

          IMHO Google & C. are very careful about not leaking PII to advertiser, because the "value" is exactly in fully controlling them and just sell services built on them.

          I believe Facebook was more furious CA could "steal" its data than it used them for nefarious activities.

          About the business model, I prefer to pay for a product than let them hoard my data, especially since one day the can be used against me. I already pay for my mail server, web site, and storage, exactly to keep my data away from Google & C.

  11. Carl D

    My Android phone is never connected to the Internet so I don't have a tracking problem.

    I use it for... well, making and receiving phone calls. And taking pictures occasionally plus listening to MP3's when I'm walking to and from work.

    1. Anonymous Coward
      Anonymous Coward

      @Carl D - Same for me

      Yes, Google might still be able to track me via cellular network but since I'm not using Internet on my phone, they have no way to push the advertising on me. At least for the moment!

      Also, on my computer, I use Gmail exclusively in a different standalone browser so all that's left for them to push ads on me is search (where I can ignore them) and YouTube where they are so annoying that I swear to never buy whatever they're advertising. In the end, since I'm not purchasing anything over the Internet the data they collect is pretty useless so I guess those companies putting the ads are being robbed of their money since they can't really reach me.

      I know there are ad-blockers I could use but I'm honest and if a site is ticking me off with aggressive ads, I quit right away and never go back.

  12. Anonymous Coward
    Anonymous Coward

    I use Gmail exclusively in a different standalone

    Still, Google has all your emails, and your mail contacts... and the data they collect are still useful even if you don't 'purchase over the Internet'.... not all ads are for goods sold online.

  13. Anonymous Coward
    Anonymous Coward

    (sees mention of Google maps in headline ...)

    Why, have they introduced a feature to display speed limits (as requested by many users for over 5 years) ?

    No ?

    Well, I can see why - they've clearly been busy elsewhere.

    1. BitCoward

      Re: (sees mention of Google maps in headline ...)

      Waze is the answer

      1. Anonymous Coward
        Anonymous Coward

        Re: Waze is the answer

        No. Waze is not the answer. Nor is any other non-google mapping app if you want to use things like Android Auto, or associated Auto apps. They *all* link to Google Maps.

        Sure, you can install and use Waze standalone (and if that's the choice, I'd have HERE, since it has a proper useful driving-mode, unlike the POS google Maps "driving mode" which seems elusive on all versions of Android I've ended up with). But then you've broken the google grip on your device, and things using maps don't/can't integrate.

        But, in a move to piss off google - and handset manufacturers general - I've discovered that devoting an old MOTOG as my sat nav solution works perfectly. So my phone stays in my pocket ...

        1. tiggity Silver badge

          Re: Waze is the answer

          Android Auto?

          Happily our household runs an approx 10 year old car so it lacks such bells & whistles & I just use a dedicated SatNav and temporarily stick it to windscreen corner if going somewhere new where I don't know the way.

          This has bonus of locating satnav in a useful position - unlike car "inbuilt" satnavs which always need you to look away from the road more.

          I have seen such stuff when being chauffeur for infirm relatives using their car.

          My solution is to keep phone charged from USB charger plugged into lighter socket so bypassing the USB ports the car provides that tries to pull in android auto etc.

      2. Anonymous Coward
        Anonymous Coward

        Re: (sees mention of Google maps in headline ...)

        The answer is to use an app on your device which uses offline map data. I've successfully used an app which uses offline openstreetmap data in Italy, Spain, France, Norway, the US and the UK.

        I use Mapfactor Navigator, but there are other apps to choose from.

      3. muhfugen

        Re: (sees mention of Google maps in headline ...)

        "Waze is the answer"

        You do realize Waze is owned/developed by Google?

        https://en.wikipedia.org/wiki/Waze

  14. Commswonk

    Pedantry Alert

    The complaint also tickles the fuse of a long-ticking time bomb buried in GDPR that has not yet detonated.

    Fuses in bombs are fuzes.

    1. Crisp

      Re: Pedantry Alert

      fuse

      /fjuːz/

      noun

      noun: fuse; plural noun: fuses; noun: fuze; plural noun: fuzes

      1.

      a length of material along which a small flame moves to explode a bomb or firework, meanwhile allowing time for those who light it to move to a safe distance.

      "a bomb on a short fuse"

      a device in a bomb that controls the timing of the explosion.

  15. Anonymous Coward
    Anonymous Coward

    Shame the UK opted out of EU goodness

    I wonder if EU citizens in the UK after Brexit are still covered under GDPR for products purchased in UK. If so then whats to stop UK citizens from claiming European data protection profiles.

    As to the old "you get the governement you deserve" in light of the sudden changes to UK voting (new ID requirements) then one wonders if the brexit vote might have been discovered to have included "extra" votes, thus making the government something other than that chosen by those with an "offical" franchise.

  16. Ian Michael Gumby
    Big Brother

    Gee!

    And I have friends who say I'm a dolt for buying and sticking with an Apple iPhone.

    Yeah, Apple makes their money on the kit, not selling ads or marketing.

  17. Gonzo wizard

    If only this were restricted to Google and Facebook...

    Signing up with Polar to get the full functionality of one of their fitness devices is exactly the same - you must agree to everything before you can do anything, nothing is optional. If you want to use their fitness trackers in total isolation then you're good. But you can't connect to anything without first installing a mobile or desktop app. And agreeing to:

    - Handing over all your personal details (lots of mandatory data collected)

    - Your data being exported outside the EU for processing

    - Your data being used to verify your identity, investigate fraud and 'misuse'

    - Your data being used for activities not directly related to fitness tracking

    - Your data being made available to subcontractors

    Some of this you can subsequently revoke but only by contacting customer services...

  18. doke

    Why does wifi scanning (for apps like wifi analyzer) need location turned on in android 6 and above? It wasn't needed in 5. It doesn't add any functionality for me. I just want to verify the wifi coverage for my users in their conference rooms.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like