European privacy moves are having a ripple effect around the globe. Reuters reported earlier today that Google now faces an investigation in Australia surrounding its location data collection practices from Android smartphone users.
Oracle, a staunch Google opponent, provided a market competition report to Australian regulators that asserts, “Alphabet receives detailed information about people’s internet searches and user locations if they have a phone that carries Android.”
There are two central claims in the Oracle document, according to the report: (1) consumers don’t fully understand, and therefore didn’t consent to, Google’s data collection practices; and (2) the transfer of data to Google is partly or entirely subsidized by consumers’ data plans.
A Google spokesperson told Reuters that the data is used with permission.
Last year, similar claims were made about Android smartphones in a Quartz report, including the idea that user location was being relayed to Google even when location services were turned off. At the time, Google said the tracking was used to improve the performance of certain services such as push notifications but wasn’t used for ad targeting purposes.
In 2016, mobile ad network InMobi agreed to pay nearly $1 million to settle Federal Trade Commission charges that it deceived consumers and tracked their locations without their consent when location services were turned off.
The FTC complaint asserted that “even if the consumer had restricted an application’s access to the location API, until December 2015, Defendant still tracked the consumer’s location and, in many instances, served geo-targeted ads, by collecting information about the WiFi networks that the consumer’s device connected to or that were in-range of the consumer’s device.”
The distinction between the InMobi example and Google’s collection of Android location data turns on user consent and potentially on Google’s purpose in capturing the data. However, the Australian competition and privacy regulators have their own rules and considerations.
Under GDPR in Europe, user location data can be used if made anonymous and can’t be tied back to individual identity. Under deterministic or inferable identity circumstances, explicit consent would be required, which Google says it has obtained in this case.
In March, a federal appeals court revived Oracle’s once-dead copyright suit against Google. The company has been trying to collect licensing fees from Google’s use of Java APIs in the Android OS. The suit is potentially worth billions to Oracle.