Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant.
The US company faces potential fines of “many millions” of dollars over the case, which was brought by the Australian Competition and Consumer Commission (ACCC), the regulators’ chief Rod Sims said.
The federal court found that in 2017 and 2018 Google misled some users of phones and tablets featuring its Android operating system by collecting their personally identifiable location information even when they had opted out of sharing “Location History” data.
It said Google notably failed to make clear that allowing tracking of “Web & App Activity” under a separate setting on their devices included the location details.
Various studies around the world have documented the problem of location data being gathered through Android and iPhone devices without users’ knowledge or explicit permission.
Such data can be highly valuable to advertisers trying to pitch location-related products and services.
But the ACCC’s Sims said Friday’s court decision was “the first ruling of its type in the world in relation to these location data issues.”
“This is an important victory for consumers, especially anyone concerned about their privacy online, as the court’s decision sends a strong message to Google and others that big businesses must not mislead their customers,” he said.
“Today’s decision is an important step to make sure digital platforms are upfront with consumers about what is happening with their data and what they can do to protect it.”
In his ruling, Federal Court Judge Thomas Thawley “partially” accepted the ACCC case against Google, noting that the company’s “conduct would not have misled all reasonable users” of its service.
But he added that Google’s action “misled or was likely to mislead some reasonable users” and that “the number or proportion of reasonable users who were misled, or were likely to have been misled, does not matter” in establishing contraventions of the law.
The ACCC said it would seek “pecuniary penalties” that could amount to US$850,000 per breach, potentially totalling “many millions” of dollars, national broadcaster ABC quoted Sims as saying.
Google protested the ruling, which it noted had rejected some of the ACCC’s “broad claims” against it and concerned only a narrowly defined class of users.
“We disagree with the remaining findings and are currently reviewing our options, including a possible appeal,” a spokesperson said.
“We provide robust controls for location data and are always looking to do more — for example we recently introduced auto delete options for Location History, making it even easier to control your data,” they said.
Last year, Google was targeted alongside Facebook by the ACCC for failing to compensate Australian news organisations for content posted to their platforms.
The dispute led to landmark legislation requiring digital firms to pay for news and resulted in Google and Facebook signing deals worth millions of dollars to Australian media companies.