Slashdot Mirror
Man Sues Over Google's 'Location History' Fiasco, Case Could Affect Millions (arstechnica.com)
Last week, The Associated Press found that many Google services on Android devices and iPhones store your location data even if you've explicitly disabled the location sharing feature. As a result, Google has now been sued by a man in San Diego, who argues that Google is violating the California Invasion of Privacy Act and the state's constitutional right to privacy. Ars Technica reports: The lawsuit seeks class-action status, and it would include both an "Android Class" and "iPhone Class" for the potential millions of people in the United States with such phones who turned off their Location History and nonetheless had it recorded by Google. It will likely take months or longer for the judge to determine whether there is a sufficient class.
Also on August 17, attorneys from the Electronic Privacy Information Center wrote in a sternly worded three-page letter to the FTC that Google's practices are in clear violation of the 2011 settlement with the agency. In that settlement, Google agreed that it would not misrepresent anything related to "(1) the purposes for which it collects and uses covered information, and (2) the extent to which consumers may exercise control over the collection, use, or disclosure of covered information." Until the Associated Press story on August 13, Google's policy simply stated: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored."
Also on August 17, attorneys from the Electronic Privacy Information Center wrote in a sternly worded three-page letter to the FTC that Google's practices are in clear violation of the 2011 settlement with the agency. In that settlement, Google agreed that it would not misrepresent anything related to "(1) the purposes for which it collects and uses covered information, and (2) the extent to which consumers may exercise control over the collection, use, or disclosure of covered information." Until the Associated Press story on August 13, Google's policy simply stated: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored."
...turn location services off, completely? It's not hard to find.
Unless, Google are not *actually* turning it off when you turn it off - that would be a problem.
In a bizarre update to this story, this man was beaten to death in an alley. A single observer said only that the perpetrators almost seemed to know that he was headed toward them.
Are these both one in the same? I would think location sharing which is what the summary said he turned off is not the same as location history no?
.
The above doesn't apply to e911.
e911 does not work via Google.
The rest of your "argument" is bullshit.
Don't quit your day job and quit pretending to be an attorney.
Not frivolous if it violates California privacy law. Though a class action makes it sound like he decided to go to the wrong court. Honestly these bastards should have their license revoked under penal code 637.7 and every "always on" device maker such as Alexa, Cortana, ect.. Should be sued regardless of damages under penal code 631.
If you kill me, I won't sue you. Promise.
Fuck google, can we get a $10000000b fine?
This is one of the serious reasons we need to be able to root/custom Rom our Devices. Apple Users are defenseless on this front.
Google Location Services is built into pretty much every Stock Rom Android Smart Phone, no matter how "Vanilla" you get it with the sole exception of LineageOS Based Custom Roms. There is no switching it off, unless you intend to not use data or Wifi completely.
With LineageOS, you have UnifiledNlp which lets you choose your location provider, that can be Google, or it can be Mozilla, or it can be LocalGSM Backend or Local Wifi, which eliminates to some extent the tracking device and Privacy invasion aspects of Android Devices.
You can partially mitigate some of it by using OsmAnd~ for Android, but that only keeps your intended destinations safe, and not your actual history.
If your Stuck with a Stock Rom, because no LineageOS Rom exists for your device, there is Root+XPrivacy. If you can get Root. That might let you switch off Google Location services, but without a custom Recovery and a way to unroot, your device will soft brick on the next update. This is also an issue for LineageOS Users who get one unofficial LineageOS
Apple users are in even worse shape. The minute that Apple's leadership changes, to be more compliant with government's wishes, then Apple devices are suddenly hte biggest possible liability in terms of security.
That might be reasonable if the contested behavior were 'forwarding Nexus phone GPS location to e911', however that's not the issue. The issue is that running various Google apps on your phone causes your location to be stored on Google servers, even when Google explicitly claims they would not store your location on Google servers. Even if you're on an iPhone, in which case Google is in no way responsible for e911 location forwarding.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
I assumed Google's change of language was because apps like, say, Google Maps clearly need to know your location in order to function. Even if you have Location History turned off, that only affects the location history feature. Google Maps has to request maps from your current location, which means the server knows where you are... it has to, for the app to work. This information can easily end up in log files etc as part of the web requests for map data.
But your point is a much stronger ("We are legally required to" is pretty strong!) argument.
decided to go to the wrong court
nope. the person initiating the class action gets part of the lawyer's payout. usually 20-30%. so when you hear the lawyers make $20 million, you know the original plantiffs GOT PAID. that said, you can always opt out of the class and sue google yourself. it's a quick way to make a few thousand bucks if you can prove damages (not too difficult). it's those people who sue for 50k and then google responds, then turns around and slaps you with a $1m counterclaim. then the shit buckets hit the fan. but california courts are pro little people, so if you lost you could expect to only be out the money you sued for.
But your point is a much stronger ("We are legally required to" is pretty strong!) argument.
Why would they be required to do so on an iPhone? Or did you not bother to read the summary.
did I hear class action? yes, everyone affected will end up with a cheque for $6.28 AND the lawyer will have a brand new Gulfstream.
If Google is “only” doing this to provide e911 service, why were they also collecting location data for iPhone users who aren’t using Google Voice?
And if the state constitution provides a right to privacy, then a violation of said privacy would constitute harm, in and of itself (not to mention that it may be a breach of contract, given that they acted contrary to their own privacy policies). Harm needn’t be monetary for people to have standing in court.
What google is doing likely violates GDPR in several ways, so if they really want to get Google, then that is the way to go, as the European authorities currently regard Google as their personal piggy bank, That they are suing them allegedly kinda indicates the motive is more profit (by the legal team).
No, Google Maps only says it needs to know your location. I never allow it, and it still works as a map, i.e. to let you explore places.
The issue is that running various Google apps on your phone causes your location to be stored on Google servers.
And switching of location storing for one of those apps, it switches off location storing vor exactly that app. The other "various apps" are not effected.
bickerdyke
Supporting e911 doesn't specify a required accuracy. The law is met by turning on location services as soon as you dial 911. I read somewhere a while back that's how Advanced Mobile Location services are implemented for emergency response in Android. TTF on GPS with A-GPS is shorter than the call setup time to emergency services.
I wish that I could just use a dumb phone, but some important services require you to use their programs.
For example, instant messaging like WeChat and digital wallet like Alipay requires you to use their programs, and if you live in China you will find that everyone use them and you HAVE TO use them for your job and some stores do not accept cash.
One can always dream...
BTW, please use the term "program" instead of "app".
I rarely go to Slashdot anymore, because it's shit. But any time I do, oh look. It's the sad case who follows creimer around. Fucking hell. Still can't find anything better to do? Fuckin' tragic.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
In the end, class action suits are a way for consumers (or society as whole, depending how you look at it) to punish companies for bad behavior. For society (and perhaps the individual plaintiffs), the punitive aspect of the judgement is more important than the payout and the cost of prosecution, thus the cost of justice, is the lawyer's fee.
Just because the lawyer's motivation may be profit doesn't mean that their action doesn't benefit the collective good. Class action suits are how consumers punish powerful private organizations like big corporations. They are a deterrent against bad behavior and a means for justice. The greatest direct financial benefit may go to the lawyer, but the benefits reaped by society-as-whole outweigh it by a wide margin. A bargain really.
You do NOT need two-way comms to use GPS. Its trivial to store a map and then have the GPS receiver plug in dots on the map, all done locally. There is zero NEED to have location tracking on at all times. >. Google Maps has to request maps from your current location
You can store maps for offline use, everything to make GPS and maps functional can be done without continuously tracking the user.
Good-bye
As soon as I read the report, I immediately wondered if a class action lawsuit would happen. I would love to see these tech companies get nailed against the wall for their obnoxious privacy abuses, especially in an age where info crimes are skyrocketing.
The only thing I'm not sure about... don't you have to demonstrate some kind of harm or injury? How would this work?
"It will likely take months or longer for the judge to determine whether there is a sufficient class. "
If you're not classy enough, you're not gonna get it!
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Seems to me the only thing Apple users have is faith. That has never protected anybody in human history. It has made tons of morons feel better though.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Because obviously there's no point in discouraging bad behaviour by a large company unless you receive a large personal settlement, or what exactly is the argument here? I've been involved in multiple class action suits, including the IBM Deathstar debacle, and couldn't care less about the token amount of money that came out at the end, or what the involved lawyers walked away with - IBM refused to take responsibility for its own actions, and the class action was more than justified. Google doesn't exactly appear to be behaving any better, even if you don't personally value privacy. A slap on the wrist may not be much of a long-term deterrent, but it does have the benefit of shaping public opinion and setting a precedent - which has far more lasting impact than whatever trivial compensation emerges.
To be fair, the exact rationale for why Google is doing this has not been provided. While there is rampant speculation in the comments here, there is nothing that concretely indicates one way or another why this collection was still taking place. If it is for the e911 case as some have suggested, there are exceptions for law enforcement and emergency services built into the GDPR as well that bypass the need for the consent of the data subject - specifically Article 6(1)(c) and (d). Some member states also have opt-in/opt-out mechanisms for consent at the constitutional level that takes precedence over EU Regulation, but this is a long way off from being explored or tested in court.
Trivially bypassed. It's a cell phone. Google can just check what tower you're on.
How exactly? Remember App Store apps do not have access to things like cell tower info.
You do get that turning off "location services" doesn't turn off the GPS hardware, right?
You do get you are an idiot who doesn't understand that would totally destroy battery life, right??
Apple was already caught keeping a log of every tower and every MAC address (both wifi and Bluetooth) an iPhone encountered, along with GPS coordinates.
Which was never sent to Apple... But that doesn't fit in your Hater narrative.
I'll let you have the last word since you don't even understand what the devices are actually doing with GPS hardware, I have limited time to waste on idiots and you've exceeded my allotment for today.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Then either they make a huge warning label that when off youmight die and they arenot responsible, or you do not make it possible to turn off.
You can not say it is off when it is not. That is called lying.
Don't fight for your country, if your country does not fight for you.
Those are some interesting facts that have no relevancy here for three simple reasons:
1) Google does not provide and is not required to provide e911 support for iPhones, so the supremacy clause has no applicability there. It doesn't compel them to engage in data collection on that platform, nor does the clause protect them from any penalties against data collection that would otherwise apply.
2) Inasmuch as they are required provide e911 support (e.g. Android), Google is NOT required to store the location data. They merely need to ensure that the data is forwarded from the device to the 911 call center, so the supremacy clause does not provide them with protection from legal or contractual obligations that otherwise forbid them from storing that data...such as the constitution of California and their agreed upon privacy policy.
3) Inasmuch as they are required provide e911 support, Google is NOT required to collect the data on a 24/7 basis. They merely need to forward it in response to the caller initiating a 911 call, so the supremacy clause does not provide them with protection from legal or contractual obligations that forbid them from collecting that data.
Really, e911 support and the supremacy clause are nothing more than red herrings you guys are bringing up that have zero relevance to the discussion. Google is collecting location data regardless of whether they are required to support e911 or not, they are storing that data despite there being no requirement that they do so, and they are flagrantly disregarding the laws and policies forbidding them from doing so