Google is using deceptive design, unclear language and misleading choices when consumers sign up to a Google account to encourage more extensive and invasive data processing in blatant breach of GDPR.
That is the damning claim at the heart of a raft of new GDPR complaints filed by ten consumer groups, coordinated by the European Consumer Organisation (BEUC) and including organisations in France, the Czech Republic and Norway. The groups allege that the tech giant is thwarting consumers who want to better protect their privacy.
BEUC deputy director general Ursula Pachl said: “Contrary to what Google claims about protecting consumers’ privacy, tens of millions of Europeans have been placed on a fast track to surveillance when they signed up to a Google account.
“It takes one simple step to let Google monitor and exploit everything you do. If you want to benefit from privacy-friendly settings, you must navigate through a longer process and a mix of unclear and misleading options.
“In short, when you create a Google account, you are subjected to surveillance by design and by default. Instead, privacy protection should be the default and easiest choice for consumers.”
According to BUEC, consumers have no choice but to open a Google account to use many of its products and services. For example, they must create an account when they buy a smartphone that uses Google’s Android system, which almost seven in ten phones worldwide (69%) depend on, and also if they want to download apps from the Google Play store.
Sign-up is the critical point at which Google makes users indicate their ‘choices’ about how their Google account will operate. With only one step (“express personalisation”), the consumer activates all the account settings that feed Google’s surveillance activities. Google does not provide consumers with the option to turn all settings ‘off’ in one click.
If consumers want to activate the more privacy-friendly options, this requires “manual personalisation”, BUEC argues, which involves five steps with ten clicks and grappling with information that is unclear, incomplete, and misleading.
Regardless of the path the consumer chooses, Google’s data processing is opaque and unfair, with consumers’ personal data being used for purposes which are vague and far reaching, the complaint alleges.
Many of these problems are not new as BEUC and its members launched a series of coordinated complaints in November 2018 about Google’s processing of consumers’ location data but these complaints remain unresolved.
More than four-fifths (81%) of Google’s revenues come from its advertising operations, according to Statista, which also forecasts the company will earn £190bn in 2022 from advertising alone; almost double the amount of its closest competitor, Meta-owned Facebook.
Pachl added: “Google is a repeat offender. It is more than three years since we filed complaints against Google’s location-tracking practices and the Irish Data Protection Commissioner in charge has still not issued a decision on the case.
“Meanwhile Google’s practices have not changed in essence. The tech giant still carries out continuous tracking and profiling of consumers and its practices set the tone for the rest of the market.
“We need swift action from the authorities because having one of the biggest players ignoring GDPR is unacceptable. This case is of strategic importance for which cooperation among data protection authorities across the EU must be prioritised and supported by the European Data Protection Board.”
GDPR four years on: €1.6bn in fines but issues remain
EasyJet ‘slap on wrist’ shoots down £18bn class action
How will UK data reforms hit the marketing industry?
Data regulators wield big stick as GDPR fines top €1bn
Decision Marketing at 10: How GDPR changed the world
Targeted ads use ‘illegal surveillance’, lawmakers told
War on ‘illegal’ adtech RTB heads to the German courts
‘Super-regulator’ puts TikTok, AI and adtech on notice