Privacy Group Files Complaint Over New Google Ad Program

The Electronic Privacy Information Center filed a legal complaint with the Federal Trade Commission over Google’s Store Sales Measurement, a new advertising program that connects consumers’ online activities with purchases in retail stores. According to the complaint, Google now has access to U.S. consumers’ credit and debit card purchase records, but doesn’t reveal how it gets the information and uses a secretive method to protect it. The complaint states that consumers should be provided a way to opt out of the program.

The Washington Post reports that the Electronic Privacy Information Center also alleges that Google’s method of protecting the data, which is based on CryptDB, “should be audited by outsiders and is likely vulnerable to hacks or other data breaches.”

“Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that,” said the Center’s executive director Marc Rotenberg. Google executives, however, say the program is a “revolutionary” breakthrough in enabling advertisers to track consumer behavior, and add that the company has “invested in building a new, custom encryption technology that ensures users’ data remains private, secure and anonymous.”

The Post detailed the Store Sales Measurement program in May; Google “said that, for the first time, it would be able to prove, with a high degree of confidence, that clicks on online ads led to purchases at the cash register of physical stores,” based on having “obtained access to the credit and debit card records of 70 percent of U.S. consumers.”

A “mathematical formula” then “anonymize[s] and encrypt[s] the transaction data, and then automatically match[es] the transactions to the millions of U.S. users of Google and Google-owned services such as Gmail, search, YouTube and maps.”

The Privacy Center wants the government to review the algorithm rather than simply believe Google’s claims for it, noting that “researchers hacked into a CryptDB-protected healthcare database in 2015, accessing more than 50 percent of the stored records.”

The privacy group wants consumers to be able to “make an informed decision about which cards not to use or where not to shop if they don’t want their purchases tracked,” and adds that “purchases can reveal medical conditions, religious beliefs and other intimate information.” Google counters that it does not “have access to the names or other personal information of the credit and debit card users, and that it does not share any information about individual Google users with partners.”

Furthermore, says Google, users of Google products can opt out by going to the My Activity Page, clicking on Activity Controls and unchecking “Web and Web Activity.”