Alphabet’s Google division is facing fresh privacy complaints, after a group of ten European consumer groups banded together against the firm.

The ten consumer groups, under the co-ordination of the European Consumer Organisation (BEUC), announced they are taking action to ensure that Google complies with the law, particularly the privacy by design and by default required by the General Data Protection Regulation (GDPR).

The groups are apparently making official complaints to their respective privacy watchdogs, alleging that Google is harvesting a vast amount of users’ personal data via their Google accounts.

A Google data centre in Oklahoma. Image credit: Google

Repeat offender

It comes as recent research from ExpressVPN warned that millions of Britons are worried, or very worried, about how much companies can know about their Internet search history.

Indeed the research highlighted how people are sharing their online surfing secrets with Google, but not with their friends.

The deputy director general of the BEUC meanwhile has described Google as a repeat offender, pointing out that the BEUC filed complaints in late 2018 “against Google’s location-tracking practices and the Irish Data Protection Commissioner in charge has still not issued a decision on the case.”

But now concern is centred around how much data Google still collects “using deceptive design, unclear language and misleading choices when consumers sign up to a Google account to encourage more extensive and invasive data processing.”

“Tech giant Google is unfairly steering consumers towards its surveillance system when they sign up to a Google account, instead of giving them privacy by design and by default as required by the General Data Protection Regulation (GDPR),” the group stated.

“Contrary to what Google claims about protecting consumers’ privacy, tens of millions of Europeans have been placed on a fast track to surveillance when they signed up to a Google account,” said Ursula Pachl, deputy director general of the BEUC.

Ursula Pachl, deputy director general of the BEUC

Complex opt-out?

“It takes one simple step to let Google monitor and exploit everything you do,” said Pachl. “If you want to benefit from privacy-friendly settings, you must navigate through a longer process and a mix of unclear and misleading options.”

“In short, when you create a Google account, you are subjected to surveillance by design and by default,” said Pachl. “Instead, privacy protection should be the default and easiest choice for consumers.”

The BEUC pointed out that a consumer can choose to create a Google account voluntarily or be obliged to create one when they use certain Google products and services. For example, they must create an account when they buy a smartphone that uses Google’s Android system, if they want to download apps from the Google Play store.

Signup is the critical point at which Google makes users indicate their ‘choices’ about how their Google account will operate, the BEUC noted. With only one step (“Express personalisation”), the consumer activates all the account settings that feed Google’s surveillance activities. Google does not provide consumers with the option to turn all settings ‘off’ in one click, it stated.

The group said that if consumers want to activate the more privacy-friendly options, this requires “Manual personalisation”: five steps with ten clicks and grappling with information that is unclear, incomplete, and misleading.

“Regardless of the path the consumer chooses, Google’s data processing is un-transparent and unfair, with consumers’ personal data being used for purposes which are vague and far reaching,” it alleged.

Individual actions

Ursula Pachl noted that the BEUC’s previous complaints about location tracking are still not resolved.

“Meanwhile Google’s practices have not changed in essence,” said Pachl. “The tech giant still carries out continuous tracking and profiling of consumers and its practices set the tone for the rest of the market. We need swift action from the authorities because having one of the biggest players ignoring the GDPR is unacceptable.”

The ten European groups complaining are a French consumer group, as well as others in Greece, the Czech Republic, Norway and Slovenia.

The German group has sent a warning letter to Google – the first step before a civil lawsuit.

Groups in the Netherlands, Denmark, Sweden have also written to their national regulators.

The BEUC also said that “US consumer groups from the Transatlantic Consumer Dialogue (TACD) network are also sending a letter today to the Federal Trade Commission (FTC) denouncing Google’s practices.”

Google statement

Google responded and told Reuters that users can choose from different options when they open a Google account.

“These options are clearly labelled and designed to be simple to understand,” said a Google spokesperson. “We have based them on extensive research efforts and guidance from DPAs (data protection authorities) and feedback from testers. We are committed to ensuring these choices are clear and simple.”

Google has been fined more than 8 billion euros ($8.4 billion) by EU antitrust regulators in recent years, and is the focus of two ongoing antitrust investigations.

It could face fines worth up to 2 percent of its global turnover if found guilty of breaching EU privacy rules.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Ordered To Pay $43m By Australian Court

Search engine Google fined $43 million by Australian court for tracking Android users location data…

14 hours ago

Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

Personal data of 48.5 million Chinese citizens who used Shanghai's Covid App, is being offered…

15 hours ago

Facebook Tests Default End-to-End Encryption For Messenger

Privacy move. Platform tests secure storage of people's chats on Messenger, in a move sure…

16 hours ago

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

1 day ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

2 days ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

2 days ago