Privacy Watchdog Asks FTC To Look Into Google's Offline Shopping Tracker

An anonymous reader quotes a report from Ars Technica: A privacy advocacy group has filed a formal legal complaint with the Federal Trade Commission, asking the agency to begin an investigation "into Google's in-store tracking algorithm to determine whether it adequately protects the privacy of millions of American consumers." In the Monday filing, the Electronic Privacy Information Center (EPIC) said it is concerned with Google's new Store Sales Management program, which debuted in May. The system allows the company to extend its online tracking capabilities into the physical world. The idea is to combine credit card and other financial data acquired from data brokers to create a singular profile as a way to illustrate to companies what goods and services are being searched for online, which result in actual in-person sales. Because the algorithm that Google uses is secret, EPIC says, there is no way to determine how well Google's claimed anonymization feature -- to mask names, credit card numbers, location, and other potentially private data -- actually works. While Google has been cagey about exactly how it does this, the company has previously revealed that the technique is based on CryptDB.

Already pervasive across all credit cards

[NineNine]

Multiple credit card companies are already doing this. Our merchant services company offered us this same data. Of course Google is tracking everything you do. But they can only do it with the willing help of Visa/Mastercard.

Re:google , do no evil

[ravrazor]

Exactly - I consider myself pretty technology-literate. A couple of weeks ago, about 15 minutes after leaving a Burger King, a message popped up in my email thanking me for my "recent visit" and asking me to fill out a survey about how satisfied I was. I had NOT paid for anything (paid by friend), or used any sort of personal identifier except for walking in IRL. It's happened with another store or two since.

The only thing I could narrow it down to was Google Maps, as usual not actually exiting when it was quit and running quietly in the background. Whether that means it is sending records of my physical location to Google constantly, or somehow listening all the time to be triggered by some signal when I enter a store is irrelevant.

It is done by something Google is doing on my phone (and millions of others), is a complete breach of privacy, and not based on anything as specific as a credit card as I never made purchases in most places it asked about and they don't have any of my card info.