ACCC sues Google over user data scraping

The ACCC has taken Google to court accusing the search giant of failing to adequately inform customers about how their personal data was collected and used.

The regulator will allege that Google did not obtain customers’ informed consent before implementing a strategy involving combining information from users’ Google accounts with information about their activities on non-Google sites using Google technology for the purposes of targeted advertising.

This new practice meant data about users’ non-Google online activity became linked to their names and other identifying information held by Google, whereas previously the information had been kept separate and not linked to individual users, the ACCC said.

The ACCC will also accuse Google of misleading consumers about a related change to its privacy policy accommodating this practice.

This change involved taking out text promising not to combine DoubleClick cookie information with personally identifiable information without a user’s opt-in consent and replacing it with text stating that this data matching may take place “depending on your account settings”.

This is despite Google’s own policy stating that the company “will not reduce your rights under this Privacy Policy without your explicit consent”.

According to the suit, between 28 June 2016 until at least December 2018 Google was requiring account holders to click “I agree” to a notification allowing Google to collect and store a much wider range of personal information about the online activities of Google account holders.

The ACCC will allege that this notification was misleading because customers could not have properly understood the changes Google was making nor how their data would be used based on its wording.

“We believe that many consumers, if given an informed choice, may have refused Google permission to combine and use such a wide array of their personal information for Google’s own financial benefit,” ACCC Chair Rod Sims said.

“We are taking this action because we consider Google misled Australian consumers about what it planned to do with large amounts of their personal information, including internet activity on websites not connected to Google.”

According to the ACCC, Google made assertions that it would not be able to combine DoubleClick’s data on consumers’ internet activity with its own data about consumers’ activity on Google services as part of its application to be able to acquire DoubleClick in 2008.

Google has since replaced the DoubleClick brand with its Google Ad Manager and Google Marketing Platform brands, but retains the underlying technology.

Image credit: ©stock.adobe.com/au/metamorworks