Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Google Broke Australian Law Over Location Data Collection: Court

Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant.

Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant.

The US company faces potential fines of “many millions” of dollars over the case, which was brought by the Australian Competition and Consumer Commission (ACCC), the regulators’ chief Rod Sims said.

The federal court found that in 2017 and 2018 Google misled some users of phones and tablets featuring its Android operating system by collecting their personally identifiable location information even when they had opted out of sharing “Location History” data.

It said Google notably failed to make clear that allowing tracking of “Web & App Activity” under a separate setting on their devices included the location details.

Various studies around the world have documented the problem of location data being gathered through Android and iPhone devices without users’ knowledge or explicit permission.

Such data can be highly valuable to advertisers trying to pitch location-related products and services.

But the ACCC’s Sims said Friday’s court decision was “the first ruling of its type in the world in relation to these location data issues.”

“This is an important victory for consumers, especially anyone concerned about their privacy online, as the court’s decision sends a strong message to Google and others that big businesses must not mislead their customers,” he said.

“Today’s decision is an important step to make sure digital platforms are upfront with consumers about what is happening with their data and what they can do to protect it.”

In his ruling, Federal Court Judge Thomas Thawley “partially” accepted the ACCC case against Google, noting that the company’s “conduct would not have misled all reasonable users” of its service.

But he added that Google’s action “misled or was likely to mislead some reasonable users” and that “the number or proportion of reasonable users who were misled, or were likely to have been misled, does not matter” in establishing contraventions of the law.

The ACCC said it would seek “pecuniary penalties” that could amount to US$850,000 per breach, potentially totalling “many millions” of dollars, national broadcaster ABC quoted Sims as saying.

Google protested the ruling, which it noted had rejected some of the ACCC’s “broad claims” against it and concerned only a narrowly defined class of users.

“We disagree with the remaining findings and are currently reviewing our options, including a possible appeal,” a spokesperson said.

“We provide robust controls for location data and are always looking to do more — for example we recently introduced auto delete options for Location History, making it even easier to control your data,” they said.

Last year, Google was targeted alongside Facebook by the ACCC for failing to compensate Australian news organisations for content posted to their platforms.

The dispute led to landmark legislation requiring digital firms to pay for news and resulted in Google and Facebook signing deals worth millions of dollars to Australian media companies.

Related: Australian Watchdog Accuses Google of Privacy Breaches

Related: Arizona Takes Google to Court Over Location Tracking

Related: Google Location-Tracking Tactics Troubled Its Own Engineers

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...