Even Google engineers are confused about Google’s privacy settings
Google’s privacy settings don’t just confuse its users — they confuse its employees too, according to internal documents unsealed in a lawsuit over Google’s data collection.
“The current UI feels like it is designed to make things possible, yet difficult enough that people won’t figure it out,” one Google employee said, according to the heavily redacted documents that were newly unsealed today. The lawsuit was originally filed by Arizona Attorney General Mark Brnovich in May; the new information in the unsealed documents was first reported on by The Arizona Mirror.
“Even top-level Google employees do not understand under what conditions Google collects location data,” Brnovich and his team wrote in the complaint.
The Arizona investigation was kicked off by a 2018 Associated Press article showing that Google services will store location data from your Android device or iPhone — even if you “pause” a setting called “Location History.” Even with that setting switched off, some Google apps automatically store location, along with a timestamp, anyway.
“I agree with the article,” a Google employee wrote in the documents released today. “Location off should mean location off; not except for this case or that case.”
Google says it is cooperating with the Arizona attorney general, and has supplied documents and answered questions raised by investigators. “Privacy controls have long been built into our services and our teams work continuously to discuss and improve them,” says Jose Castaneda, a spokesperson for Google. “In the case of location information, we’ve heard feedback, and have worked hard to improve our privacy controls. In fact, even these cherry picked published extracts state clearly that the team’s goal was to ‘Reduce confusion around Location History Settings’.”
The outrage over the way Google hid extra location settings in “Web and App activity” — deep in Google account settings — did eventually lead the company to improve how it surfaces its privacy toggles. Small changes over the past couple of years culminated in Google’s current policy, which is auto deleting location and search history by default for new users. Current users still need to visit their Activity Controls page to alter their settings.
But though Google has made changes, there is still obviously much more that it could do. The documents from the Arizona lawsuit make plain the confusion that users experience.
For instance, Google serves personalized ads to its users, and part of what it uses to personalize those ads are location data. It’s possible to turn off ad personalization by switching off a setting — but the complaint argues that won’t stop Google from serving you ads based on your location, it just means Google will assume that you’re within a general three kilometer area instead of using your exact GPS location on a map.
What’s more, switching off this setting apparently doesn’t change things for Google’s other ad service, DoubleClick, which is used to show ads on other websites. Removing location information from those ads requires a different user interface, and Google will still use general location information to target users.
The settings for DoubleClick have no effect on Google ad personalization, the complaint says. “Thus, a user who thought she had opted out of receiving ads based on her location is wrong on two counts: Google still serves her location-based ads (based on her coarse location) via that same offered such a setting daily basis,” the complaint reads. “At the same time, through these deceptive and unfair acts and practices, Google makes it impractical if not impossible for users to meaningfully opt-out of Google’s collection of location information, should the users seek to do so.”
Update August 26, 6:55PM ET: Adds Google spokesperson’s comments.
https://www.theverge.com/2020/8/26/21403202/google-engineers-privacy-settings-lawsuit-arizona-doubleclick