Google’s plans to track you offline just hit their first hurdle
A leading privacy rights group is calling on the US Federal Trade Commission (FTC) to investigate Google, alleging that the company is gaining access to credit card information in a bid to bind customer online behaviour to offline shopping habits.
Google’s new advertising scheme, Store Sales Measurement, allows the tech giant to track customer credit-card transactions – both online and within brick-and-mortar shops. The idea is that the company can use this information to better determine how many sales have been generated by digital ad campaigns.
The company already tracks and monetises pretty much every online activity going, from individuals’ search history to geographic location, but this new measure sees that dominion extend into the realm of physical shops – something the Electronic Privacy Information Centre (EPIC) wants the FTC to investigate.
“Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that,” Marc Rotenberg, EPIC’s executive director.
According to the Washington Post, a legal complaint filed by the privacy group claims Google is leveraging the credit and debit card information of the majority of US consumers, without providing a meaningful way for individuals to opt out. The group also alleges that Google is using this sensitive information in a method that is vulnerable to data breaches and that it should be audited by third parties.
Google has said that its Store Sales Measurement program makes use of 70% of US citizens’ credit and debit card information. In a statement, the company said that it has “invested in building a new, custom encryption technology that ensures users’ data remains private, secure and anonymous”.
This isn’t good enough for the privacy group, which wants US authorities to review the algorithms themselves. According to the Washington Post, EPIC cite the database technology Google’s scheme is based on – CryptDB – as having known security flaws. In 2015, Microsoft researchers successfully hacked health records stored using CryptDB.
Google says that users can opt out of ad tracking by unchecking “Web and App Activity” within their Activity Controls settings, but EPIC claim the descriptions of these options are unclear, and that Google still stores click data even when “Web and App Activity” is unchecked. The group also points to the fact that Google won’t disclose which companies are providing it with shopping transaction records, which only adds to the general opaqueness of a process that could see customers’ medical conditions or religious beliefs leverages without their explicit knowledge.