Google has been hit by a lawsuit alleging that it violates user privacy by collecting location data via various means – and claiming that Google makes it nearly “impossible” for users to opt out of such data tracking.
The lawsuit, filed by Arizona Attorney General Mark Brnovich, alleges that Google uses “deceptive and unfair conduct” to obtain Android users’ location data via various applications, services and technologies, which is then used for advertising purposes. The alleged data collection would violate the Arizona Consumer Fraud Act, a set of laws that give protections to consumers in various transactions related to the sale or advertisement of merchandise.
“Google has engaged in these deceptive and unfair acts and practices with the purpose of enhancing its ability to collect and profit from user-location information,” according to the 50-page complaint, [which was filed Wednesday](<https://www.azag.gov/sites/default/files/docs/press-releases/2020/complaints/Google_Complaint_FILED_5-27-2020.pdf>) in the Maricopa County Superior Court. “And profited it has, to the tune of over $134 billion in advertising revenue in 2019 alone. On information and belief, hundreds of millions of dollars of these advertising revenues were generated from ads presented to millions of users in the State of Arizona.”
[](<https://threatpost.com/newsletter-sign/>)
Public consternation around Google’s data-collection policies was first set off by a 2018 Associated Press [report](<https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb/AP-Exclusive:-Google-tracks-your-movements,-like-it-or-not>), which claimed that Google services that are prevalent on both Android and iOS phones all store location data. The report alleged that Google would track users’ data even when they opt out of Google’s Location History feature, which collects data in order to personalize Google Maps.
This [most recent lawsuit](<https://www.azag.gov/press-release/attorney-general-mark-brnovich-files-lawsuit-against-google-over-deceptive-and-unfair>) claims that Google’s alleged deceptive tactics extend beyond the issues with Location History highlighted by AP’s report. The redacted, public complaint claims that Google uses other means to bring in location data – including via Wi-Fi scanning and connectivity, diagnostic data and information from Google apps in “recent versions of Android.” This makes it impractical – and even impossible – for users to opt out of location tracking, the lawsuit alleges.
“Given the lucrative nature of Google’s advertising business, the company goes to great lengths to collect users’ location, including through presenting users with a misleading mess of settings, some of which seemingly have nothing to do with the collection of location information,” said the lawsuit.
According to Brnovich, these claims are based on both testimony from Google employees “given under oath” and from internal documents that were obtained from Google over the course of a nearly two-year investigation.
Google, for its part, argued against the claims and told Threatpost that it looks forward “to setting the record straight.”
“The Attorney General and the contingency-fee lawyers filing this lawsuit appear to have mischaracterized our services,” Google spokesperson Jose Castaneda told Threatpost. “We have always built privacy features into our products and provided robust controls for location data.”
It’s far from the first time Google has found itself in hot water for its data-collection policies. The AP’s 2018 report led to a firestorm of complaints from both legal teams and activists – including a lawsuit filed in the [federal court of California](<https://www.documentcloud.org/documents/4777351-Gov-Uscourts-Cand-330787-1-0.html>), alleging that Google violates both California’s Constitutional Right to Privacy as well as California’s Invasion of Privacy Act.
In 2019, Google was [slapped with a $57 million](<https://threatpost.com/google-fine-privacy-gdpr/141055/>) (€50 million) fine for violations of the General Data Protection Regulation (GDPR) by France’s National Data Protection Commission (CNIL), for lacking transparency when it comes to how it collects and handles user data in the name of serving up personalized ads. And most recently, the [tech giant was hit with a lawsuit in February](<https://threatpost.com/lawsuit-claims-google-collects-minors-locations-browsing-history/153134/>) that alleges that it has been covertly collecting data of students via its G Suite for Education program, which offers its productivity services to students for free.
“This is a complicated and ongoing issue,” Thomas Hatch, CTO and co-founder at SaltStack, told Threatpost. “Large companies like Google have and will continue to push legal limits. That is to be expected. However, the technical nuance of this case makes it difficult to ascertain exactly how valid the arguments are. On one hand, it is good that governments are always pushing back on companies like Google in an ongoing effort to keep them in check. On the other hand, we must always question the motivations and viability of these cases.”
The Arizona Attorney General lawsuit did not clarify how much in damages it is seeking from Google, only saying: “Arizona brings this action to put a stop to Google’s deceptive and unfair acts and practices; force Google to disgorge all profits, gains, gross receipts, and other benefits obtained for the period of time when it engaged in any unlawful practice; recover restitution for Arizona consumers; and impose civil penalties for Google’s willful violations of the Arizona Consumer Fraud Act.”
**_Concerned about the IoT security challenges businesses face as more connected devices run our enterprises, drive our manufacturing lines, track and deliver healthcare to patients, and more? On _**[**_June 3 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_, join renowned security technologist Bruce Schneier, Armis CISO Curtis Simpson and Threatpost for a FREE webinar, _**[**_Taming the Unmanaged and IoT Device Tsunami_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_. Get exclusive insights on how to manage this new and growing attack surface. _**[**_Please register here_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_ for this sponsored webinar._**
{"id": "THREATPOST:6152D2C1CBC86705B1BBA6DA73D165F0", "vendorId": null, "type": "threatpost", "bulletinFamily": "info", "title": "Google Location Tracking Lambasted in Arizona Lawsuit", "description": "Google has been hit by a lawsuit alleging that it violates user privacy by collecting location data via various means \u2013 and claiming that Google makes it nearly \u201cimpossible\u201d for users to opt out of such data tracking.\n\nThe lawsuit, filed by Arizona Attorney General Mark Brnovich, alleges that Google uses \u201cdeceptive and unfair conduct\u201d to obtain Android users\u2019 location data via various applications, services and technologies, which is then used for advertising purposes. The alleged data collection would violate the Arizona Consumer Fraud Act, a set of laws that give protections to consumers in various transactions related to the sale or advertisement of merchandise.\n\n\u201cGoogle has engaged in these deceptive and unfair acts and practices with the purpose of enhancing its ability to collect and profit from user-location information,\u201d according to the 50-page complaint, [which was filed Wednesday](<https://www.azag.gov/sites/default/files/docs/press-releases/2020/complaints/Google_Complaint_FILED_5-27-2020.pdf>) in the Maricopa County Superior Court. \u201cAnd profited it has, to the tune of over $134 billion in advertising revenue in 2019 alone. On information and belief, hundreds of millions of dollars of these advertising revenues were generated from ads presented to millions of users in the State of Arizona.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nPublic consternation around Google\u2019s data-collection policies was first set off by a 2018 Associated Press [report](<https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb/AP-Exclusive:-Google-tracks-your-movements,-like-it-or-not>), which claimed that Google services that are prevalent on both Android and iOS phones all store location data. The report alleged that Google would track users\u2019 data even when they opt out of Google\u2019s Location History feature, which collects data in order to personalize Google Maps.\n\nThis [most recent lawsuit](<https://www.azag.gov/press-release/attorney-general-mark-brnovich-files-lawsuit-against-google-over-deceptive-and-unfair>) claims that Google\u2019s alleged deceptive tactics extend beyond the issues with Location History highlighted by AP\u2019s report. The redacted, public complaint claims that Google uses other means to bring in location data \u2013 including via Wi-Fi scanning and connectivity, diagnostic data and information from Google apps in \u201crecent versions of Android.\u201d This makes it impractical \u2013 and even impossible \u2013 for users to opt out of location tracking, the lawsuit alleges.\n\n\u201cGiven the lucrative nature of Google\u2019s advertising business, the company goes to great lengths to collect users\u2019 location, including through presenting users with a misleading mess of settings, some of which seemingly have nothing to do with the collection of location information,\u201d said the lawsuit.\n\nAccording to Brnovich, these claims are based on both testimony from Google employees \u201cgiven under oath\u201d and from internal documents that were obtained from Google over the course of a nearly two-year investigation.\n\nGoogle, for its part, argued against the claims and told Threatpost that it looks forward \u201cto setting the record straight.\u201d\n\n\u201cThe Attorney General and the contingency-fee lawyers filing this lawsuit appear to have mischaracterized our services,\u201d Google spokesperson Jose Castaneda told Threatpost. \u201cWe have always built privacy features into our products and provided robust controls for location data.\u201d\n\nIt\u2019s far from the first time Google has found itself in hot water for its data-collection policies. The AP\u2019s 2018 report led to a firestorm of complaints from both legal teams and activists \u2013 including a lawsuit filed in the [federal court of California](<https://www.documentcloud.org/documents/4777351-Gov-Uscourts-Cand-330787-1-0.html>), alleging that Google violates both California\u2019s Constitutional Right to Privacy as well as California\u2019s Invasion of Privacy Act.\n\nIn 2019, Google was [slapped with a $57 million](<https://threatpost.com/google-fine-privacy-gdpr/141055/>) (\u20ac50 million) fine for violations of the General Data Protection Regulation (GDPR) by France\u2019s National Data Protection Commission (CNIL), for lacking transparency when it comes to how it collects and handles user data in the name of serving up personalized ads. And most recently, the [tech giant was hit with a lawsuit in February](<https://threatpost.com/lawsuit-claims-google-collects-minors-locations-browsing-history/153134/>) that alleges that it has been covertly collecting data of students via its G Suite for Education program, which offers its productivity services to students for free.\n\n\u201cThis is a complicated and ongoing issue,\u201d Thomas Hatch, CTO and co-founder at SaltStack, told Threatpost. \u201cLarge companies like Google have and will continue to push legal limits. That is to be expected. However, the technical nuance of this case makes it difficult to ascertain exactly how valid the arguments are. On one hand, it is good that governments are always pushing back on companies like Google in an ongoing effort to keep them in check. On the other hand, we must always question the motivations and viability of these cases.\u201d\n\nThe Arizona Attorney General lawsuit did not clarify how much in damages it is seeking from Google, only saying: \u201cArizona brings this action to put a stop to Google\u2019s deceptive and unfair acts and practices; force Google to disgorge all profits, gains, gross receipts, and other benefits obtained for the period of time when it engaged in any unlawful practice; recover restitution for Arizona consumers; and impose civil penalties for Google\u2019s willful violations of the Arizona Consumer Fraud Act.\u201d\n\n**_Concerned about the IoT security challenges businesses face as more connected devices run our enterprises, drive our manufacturing lines, track and deliver healthcare to patients, and more? On _**[**_June 3 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_, join renowned security technologist Bruce Schneier, Armis CISO Curtis Simpson and Threatpost for a FREE webinar, _**[**_Taming the Unmanaged and IoT Device Tsunami_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_. Get exclusive insights on how to manage this new and growing attack surface. _**[**_Please register here_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_ for this sponsored webinar._**\n", "published": "2020-05-28T16:17:05", "modified": "2020-05-28T16:17:05", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://threatpost.com/google-location-tracking-arizona-lawsuit/156082/", "reporter": "Lindsey O'Donnell", "references": ["https://www.azag.gov/sites/default/files/docs/press-releases/2020/complaints/Google_Complaint_FILED_5-27-2020.pdf", "https://threatpost.com/newsletter-sign/", "https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb/AP-Exclusive:-Google-tracks-your-movements,-like-it-or-not", "https://www.azag.gov/press-release/attorney-general-mark-brnovich-files-lawsuit-against-google-over-deceptive-and-unfair", "https://www.documentcloud.org/documents/4777351-Gov-Uscourts-Cand-330787-1-0.html", "https://threatpost.com/google-fine-privacy-gdpr/141055/", "https://threatpost.com/lawsuit-claims-google-collects-minors-locations-browsing-history/153134/", "https://attendee.gotowebinar.com/register/1837650474090338831?source=ART", "https://attendee.gotowebinar.com/register/1837650474090338831?source=ART", "https://attendee.gotowebinar.com/register/1837650474090338831?source=ART"], "cvelist": [], "immutableFields": [], "lastseen": "2020-10-16T22:36:31", "viewCount": 46, "enchantments": {"dependencies": {"references": []}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_810DF820366411E18FE300215C6A37BB.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:050A36E6453D4472A2734DA342E95366"]}]}, "exploitation": null, "vulnersScore": 0.3}, "_state": {"dependencies": 1678918916, "score": 1678917189, "epss": 1678939848}, "_internal": {"score_hash": "0485c47972eeda755da9f6c1d9190a1b"}}
Google Location Tracking Lambasted in Arizona Lawsuit