A new 55-page report from Digital Content Next and Vanderbilt University on Google data collection practices has raised new questions about the extent to which the top tech companies in the world collect and collate user data without their permission or knowledge. The report, authored by Douglas Schmidt, a professor of Computer Science at Vanderbilt, is a detailed look at “a day in the life” of a typical Internet user, offering a never-before-seen look at just how much data Google collects on the average user.
Findings from the “Google Data Collection” report
One theme that emerges from the “Google Data Collection” report is that Google tries to learn as much as possible about every single user on a continuous basis. This includes data collected during direct interaction with Google services and products – such as Google Search and Google Maps, as well as during indirect interaction when the Google Chrome browser might be running in the background. According to Professor Schmidt, the major part of all Google data collection actually occurs when users are not directly engaged with any products. In fact, passive data collection (when Google is collecting data in the background) is now twice the scale of active data collection (when users are directly engaging with Google products and Google services).
This is a particularly salient point about Google tracking, since many Internet users mistakenly assume that tech companies cannot collect data on them when they are not using their products or services. But that is simply not the case, as illustrated by the “Google Data Collection” report. The researchers examined just how frequently Android and iOS devices submitted data to Google servers, and the final result was astounding: an Android device with a Chrome browser communicates location data back to Google 340 times per 24-hour period, or an average of 14 data communications per hour. And, in fact, an Android device communicates with Google 10 times more frequently than an iOS device. (Which makes sense since Android is a Google operating system) Even if you do not have a Google account and do not use Google applications, you will still be tracked, as long as you are using an Android phone.
Warnings about Google and “surveillance capitalism”
It’s perhaps no surprise, then, that the authors of the “Google Data Collection” report have referred to Google data collection practices as an advanced form of “surveillance capitalism.” User data is the fuel for Google’s business model, which is primarily driven by online advertising revenue. Thus, the more data that Google collects about users, the more it is able to offer perfectly tailored data for potential advertisers. When you know what terms people are searching for online, where they go each day, and what content they are consuming on a daily basis, it’s possible to construct very sophisticated profiles of users. It’s the reason why online ads now account for a staggering 86% of Google’s total revenue.
The most disturbing part about the tremendous amount of data and information that Google is collecting about users is that a growing proportion of all data samples are related to location data. In fact, according to the “Google Data Collection” report, location data comprises more than one-third (35%) of all data communicated back to Google. This is made possible by frequent check-ins with cellphone towers, wireless networks and Bluetooth beacons. And, make no mistake about it, the ability to track individuals is very precise. According to the researchers, Google is able to pinpoint the exact floor within a building where an individual is located.
Why location tracking is such a contentious issue
Location information is a particularly contentious issue within the world of data privacy because it is the key to linking the online and offline profiles of users. Although Google denies that it uses any cross-correlation to transform anonymous user data into sophisticated profiles of specific users, the report makes clear that the potential for abuse is clearly present.
And, in fact, Google has already faced mounting suspicions about the way that it analyzes and collects user location data. The AP, for example, recently uncovered the fact that Google continues to collect location data on users, even when users have specifically toggled the privacy settings that turn off Location History. In other words, even when users made concerted efforts to go “incognito” and make it impossible for Google to track them, their user location data was still being recorded and logged. In order to fully turn off location tracking, users have to go through the laborious and painstaking process of turning off tracking related to “web and app privacy” – a fact that Google conveniently makes difficult to discover and implement. Google, for its part, says that it only uses this location data to improve the overall experience with services such as Google Assistant.
New regulatory actions on the horizon
As a result, there is growing sentiment that some form of federal regulation related to user privacy needs to be enacted within the United States, which is still the home of the world’s largest and most powerful tech companies. For years, the big tech giants – such as Facebook and Google – have told us that they are making changes to their policies, and taking every possible step to safeguard user privacy. But are they, really?
2018 has been the year of misstep after misstep for the tech sector’s biggest companies. At the beginning of the year, Facebook CEO Mark Zuckerberg was dragged in front of Congress in order to explain his company’s policies and procedures, especially as they relate to Cambridge Analytica. And then, over the next six months, there has been a steady drip-drip-drip of other privacy scandals. Throughout it all, Google has largely escaped any form of regulatory backlash.
But this new “Google Data Collection” report, by making clear precisely how much data Google is collecting on users, could lead to a public outcry for regulators and legislators to do more. In a world where it has become impossible to do anything digitally without being tracked, it’s clear that data is big business worth tens of billions of dollars. Perhaps the only way to get Facebook and Google to make any real changes is by enacting stringent regulation along the lines of the European General Data Protection Regulation (GDPR), which provides for financial penalties in the case of any breach of user data privacy. If regulators are able to impact the bottom line at these top companies, that is when they might finally sit up and pay attention.