A consumer fraud lawsuit brought by the Arizona attorney general’s office in May 2020 will be settled by Google for $85 million, in what will be one of the largest payments of its type in state history. Arizona accused Google of violating the state’s Consumer Fraud Act by continuing to collect user information for location tracking even after they had opted out, racking up massive profits in the process.
Arizona Attorney General Mark Brnovich says that the state opened the investigation in 2018 after an AP report found that certain Google apps continue to log and store user location history even after they have opted out. The report sparked calls for action from a number of members of Congress.
Google location tracking settlement will provide big boost to Arizona state coffers
The AP investigation that sparked all of this stemmed from research conducted at Princeton that found Google apps such as Maps, the weather app and the search bar would pinpoint user locations with varying degrees of accuracy (down to the square foot in the most invasive cases) and log them even if the user had disabled “Location History.” The issue was discovered when researchers noticed that Google was prompting them to review retail locations they had visited even when they had Location History entirely disabled on their devices.
At the time of the report, Google’s legal argument was that users should know that turning off “Location History” did not actually disable “device-level Location Services” in some apps. Google also claimed that disabling “Web & App Activity” would stop this added location tracking, but researchers soon found that this setting does not put an end to all of its collection of location data. This information is incorporated into Google’s targeted advertising system, which made the company a little over $209 billion in 2021.
In addition to providing a major boost to Arizona’s general fund, the settlement amount is one of the largest Google has paid for privacy-related issues. The company recently paid a $100 million settlement in Illinois for alleged violations of that state’s unique biometric privacy laws in its tracking of pictures uploaded to its photo app. While these are substantial penalties, they are far from an existential threat to Google’s estimated annual total revenue of about $257 billion. Some legal observers believe Google has simply settled into paying fines of this sort as a cost of doing business rather than seeing them as an impetus to change problematic privacy behaviors.
The company has been given a rougher time in the EU in recent years, paying a total of about €8.2 billion since 2017 for assorted violations of antitrust rules and privacy laws. Google has faced a fresh wave of lawsuits in 2022, however, as several states have coordinated to take it to court over the use of “dark patterns” to coerce users into consenting to location tracking. Some states, such as California, have specifically outlawed the use of dark patterns due to the way in which they are used by major tech platforms. A group of lawmakers tried to ban them at the federal level via the Deceptive Experiences to Online Users Reduction (DETOUR) Act, which was introduced in 2020 but never voted on. The bill has recently been re-introduced but faces tough circumstances due to an upcoming midterm election followed shortly by breaks for Thanksgiving and Christmas.
Chain of location tracking penalties haunts Google, but will they make a difference?
At this point Google has a long history of surreptitious location tracking that is hard to disable (sometimes impossible), dating back at least as far as 2017 when it was found to be collecting data from nearby cell towers; even removing the phone’s SIM card would provide no protection from this so long as the phone was connected to the internet. Google has since ended that practice, but only after strong media-driven backlash.
Google has little impetus to change its practices if these periodic fines do not significantly bite into its massive advertising profits, however, and so far they are really not making much of a dent. The company’s primary tactic for sliding location tracking under the radar appears to be making specific exceptions for specific apps that can be disabled by the user, but only if the user goes into that specific app and combs through its settings. Android users were first lulled into a false sense of security with the Location History setting, and then the Web & App Activity setting, believing that those covered all of the privacy bases. But there are exceptions that involve location tracking, such as a specific “save location” setting found in Google Photos that has to be manually disabled within the app. Studies have also found telemetry settings that are impossible to turn off on the phones of specific manufacturers, and this information is managing to wind its way back to targeted advertising programs.