The ACCC’s win showed that even turning off location history isn’t enough to tell Google not to keep a history of your location.
The notion that a company as big and ubiquitous as Google would resort to deliberately misleading and deceiving Australians into giving away what they thought was private information about themselves is shocking, to say the least.
But that’s exactly what was revealed last week, when the Federal Court of Australia agreed with the Australian Competition and Consumer Commission and found that Google engaged in misleading and deceptive conduct when it kept collecting and storing location data from Android phones, even after users had explicitly turned their phone’s “Location History” setting to “off”.
It seems that turning off location history wasn’t enough of a signal to Google, to tell it to stop keeping a history of your location. You had to turn it off in another place in your Android phone, too (“Web & App Activity”), before Google really took you seriously and stopped tracking you.
It’s shocking behaviour, to be sure, but it’s hardly surprising.
Google’s business model is, at its core, a Faustian bargain for consumers, in which we agree to be surveilled by a giant American company in exchange for services which we might otherwise have to pay good money for.
And the thing about Faustian bargains is, there is always a devil on one side of the transaction.
There is a devil, even when that side of the transaction has a corporate motto of “Don’t be evil”.
Or, rather, Google had the motto “Don’t be evil” right up until April or May 2018, the very time the company started engaging in the misleading and deceptive conduct it’s just been found guilty of.
That may well be a mere coincidence, but even if it is, it’s one that Google’s lawyers would do well to exploit in the upcoming damages phase of the ACCC they just lost.
Yes, OK, it’s true we tried to be misleading and deceptive, the lawyers could argue, but was anyone actually fooled by our conduct? Everyone knows we stopped being not evil that very month. They would have known something was up!
But, actually, people didn’t know, and they were fooled into submitting to Google’s surveillance, the court found.
If you think it’s confusing, having to turn location tracking off in two, seemingly unrelated places before it’s actually turned off, well so did Google’s own engineers, who in internal emails described the overlap between the “Web & App Activity” settings and the “Location History” settings as “crazy confusing”.
“The current UI [User Interface] feels like it is designed to make things possible, yet difficult enough that people won’t figure it out. New exceptions, defaulted to ‘on’, silently appearing in settings menus you may never see,” one engineer wrote.
Not everyone at Google is the devil, it seems. Some of the engineers appear to be on the side of the angels, at least.
The case means a lot of things to a lot of different people.
It’s likely to have major ramifications for all software makers, who may now find it more difficult than ever to hide behind complicated “Clickwrap” fine print and confusing user settings, when they want to sneak terms and conditions past consumers, for instance.
Google’s lawyers argued nobody who read all the screens of information available to Android users would have been misled into thinking Google wasn’t tracking their movements when they thought they weren’t being tracked.
But the Federal Court saw past that argument, and found that there was a meaningful class of reasonable phone users who would have read some of the settings and information screens in Android, but not all of the screens, and who would have been misled or deceived.
“The question is not whether, on close analysis of written material by the Court after detailed argument, the various screens can be seen to be strictly accurate. The question is whether Google’s conduct as a whole ... was misleading or deceptive or likely to mislead or deceive,” Justice Thomas Thawley wrote in his decision.
Symptom or the cause?
But the case also goes some way towards addressing one of the biggest debates in the community of regulators, academics and activists who are all trying to rein in the excesses of big tech.
Should we go after the symptoms of the problem, or should we just go after the cause?
The symptoms are well documented. They’re things like the genocide in Myanmar being helped along by Facebook’s failure to crack down on hate speech; or Facebook’s role in the Christchurch massacre and in the manipulation of the 2016 US presidential election; or Google hoovering money out of the media industry to the point where the whole notion of the Fourth Estate is in jeopardy.
The underlying cause of the malaise is equally well known. It’s the fact that we’ve allowed a few American companies to become fat on our personal data, ceding them control of what information we see, and where and when we see it.
Exponents of going straight to the cause will tell you that nothing short of a wholesale review of privacy laws, of who gets to own and control the personal data of the world’s citizens, is ever going to work. Unless you address the problem at its root, dealing with the symptoms is only ever going to be a constant game of Whac-A-Mole.
They have a point, to be sure. Google could be forced to stop deceiving us into giving it our personal data, and still it would have and control our personal data.
But Rod Sims, the chairman of the ACCC, has a point, too, when he says that we need to go after big tech with every weapon in the arsenal, if for no other reason than these measures will all help bolster privacy in the long run.
Using competition law to undo big tech monopolies, he says, will allow competitors to flourish that offer better privacy options than do Google and Facebook.
And using consumer law to address things such as deceptive and misleading conduct, as the ACCC has done in this case, will help ensure that companies such as Google have to do what they say they’re doing, once they’re forced to compete for users on the basis of who has the best privacy settings.
It all adds up. You can’t tell users you’re not tracking their location when you secretly are.
That wouldn’t just be evil. It would be illegal, too.