A day after reports surfaced that certain Google apps track your whereabouts even when you turn off location data, experts on Tuesday expressed concerns about the practice, stressing that location and identity data can be used for both good and bad.
The Associated Press on 13 August ran a story saying an investigation found that many Google services on Android devices and iPhones store users’ location data even if the users have explicitly used a privacy setting forbidding that.
Researchers from Princeton University confirmed the findings.
According to Tim Mackey, Technical Evangelist at the US-based tech company Synopsys, it has been widely understood for some time that tech giants like Google use data supplied through the use of their services as part of their efforts to personalise the experience.
“There is a basic saying when it comes to most technology—’Just because you can, doesn’t mean you should’. For practical purposes, this supply of personal data has been part of the virtual fees we pay to companies in exchange for ‘free’ access to the services provided,” Mackey told IANS.
“With General Data Protection Regulation (GDPR) in the EU now in effect and regulations like the California Consumer Privacy Act (CCPA) on the horizon, companies collecting personal data need to reassess their use of personal data,” he noted.
In a statement given to IANS, Google said that “Location History is a Google product that is entirely opt-in, and users have the controls to edit, delete or turn it off at any time.
“As the (AP) story notes, we make sure Location History users know that when they disable the product, we continue to use location to improve the Google experience when they do things like perform a Google search or use Google for driving directions,” said Google.
But just turning off Location History doesn’t solve the purpose. In Google Settings, pausing ‘Web and App Activity’ may do the trick.
However, according to the information on Google’s Activity Control page, “Even when this setting is paused, Google may temporarily use information from recent searches in order to improve the quality of the active search session”.
According to Mackey, since we’re talking about consumer-level services, the expectation of the consumer for an ‘off switch’ is what matters most.
“Users wishing their location be kept private indicate this preference through the ‘Location history’ setting. If vendors placed themselves in the shoes of a consumer and respected the setting, managing consent under regulations like GDPR would be simpler and the user’s expectations would be met,” Mackey emphasised.
According to Jesse Victors, Software Security Consultant at Synopsys, when Google builds a control into Android and then does not honour it, there is a strong potential for abuse.
“It is sometimes extremely important to keep one’s location history private. Other times, you may simply wish to opt out of data collection. It’s disingenuous and misleading to have a toggle switch that does not completely work,” Victors said.