Google has improved its privacy practices significantly in recent years. Just look at the privacy improvements in Android or Google’s decision to store Google Maps location data on-device rather than in the cloud. It wasn’t necessarily because Google wanted to deploy these features. Pressure from Apple and regulators, as well as lawsuits, played a big role in Google’s pivot to privacy-first policies.
In theory, better user privacy would hurt Google’s bottom line. Giving users the ability to limit some tracking means advertisers would not be able to target them with personalized ads, which would benefit Google’s bottom line. But Google’s financials have improved in the past few years rather than taking a privacy-related hit.
With that in mind, Google’s decision to reverse a privacy-enhancing advertising rule is all the more surprising, as it feels like another big cash grab fueled by corporate greed.
Starting February 16th, advertisers can track users online using a technique called fingerprinting. Google banned fingerprinting in 2019 but reversed course last December. Regulators are already alarmed by Google’s tracking decision, which can negatively impact users.
Fingerprinting amounts to collecting user data that the user doesn’t necessarily agree to have collected, and that’s because of the type of data this technology can collect. Think of IP addresses, operating system details, screen resolution, battery percentage, and who knows what else your device might give advertisers.
On their own, these data points are meaningless. But when you combine all of them, you can create user profiles and track people online across the web and devices. Such profiling would allow advertisers to see what websites and services they use and target users with more personalized ads. In turn, Google can charge more money for ads.
Google doesn’t use the term fingerprinting in the support document that describes the privacy change. But Google makes it sound like fingerprinting will work with privacy at the core:
Internet Protocol (IP) addresses are already commonly used in the broader ads ecosystem to help marketers reach people across their customer journey and measure how their ads are working, especially on CTV. At Google, we have already been using these signals responsibly to fight against spam and fraud for years. Now, with new innovations like PETs [privacy-enhancing technologies] to mitigate risks, we see an opportunity to set a high privacy bar on the use of data like IP. We can do this by applying privacy-preserving protections that help businesses reach their customers across these new platforms [like connected TVs] without the need to re-identify them. And because we’re looking to encourage responsible data use as the new standard across the web, we’ll also partner with the broader ads industry and help make PETs more accessible.
I don’t know about you, but I don’t want to be tracked across devices. I do not mind seeing ads in streaming services, but they don’t have to be tailored to my preferences. And if an advertiser does want to collect that fingerprinting data and profile me, they better ask for permission.
Per TechRadar, the UK’s Information Commissioner’s Office (ICO) quickly reacted to Google’s announcement in December, calling it what it is: Fingerprinting.
The regulator uses the word “fingerprinting” 20 times in its response, while Google avoided it like the plague in the support document.
“The ICO’s view is that fingerprinting is not a fair means of tracking users online because it is likely to reduce people’s choice and control over how their information is collected,” ICO said. “The change to Google’s policy means that fingerprinting could now replace the functions of third-party cookies.”
“We think this change is irresponsible,” the ICO went on. “Google itself has previously said that fingerprinting does not meet users’ expectations for privacy, as users cannot easily consent to it as they would cookies. This, in turn, means they cannot control how their information is collected. To quote Google’s own position on fingerprinting from 2019: ‘We think this subverts user choice and is wrong.’”
The timing of Google’s announcement is also incredibly shady. The policy change dropped right before Christmas when the public was most likely to miss it. Google’s decision to let advertisers track users online even harder than before resurfaced because of that February 16th deadline.
The ICO said back in December that it’s engaging with Google on the matter. The agency also reminded advertisers that they’re bound to respect privacy laws even with fingerprinting:
In the meantime, there should be no doubt around any business’s obligations when it comes to fingerprinting and privacy. Data protection law, including the Privacy and Electronic Communications Regulations (PECR), applies. Businesses must give users fair choices over whether to be tracked before using fingerprinting technology, including obtaining consent from their users where necessary.
The regulator also said that advertisers looking to track users online via fingerprinting will have to demonstrate they’re complying with privacy laws. That means “providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure.”
ICO welcomed feedback from advertisers, announcing a consultation period that will end on February 20th.
It’ll be interesting to see how and when the European Union will react to Google’s policy change regarding fingerprinting. After all, the EU has been very tough on tech in recent years, including user privacy policies.
The post Google is giving away even more personal data in exchange for profits appeared first on BGR.
