A damning report by a renowned Computer Scientist has raked up the data privacy debate once again. The 55-page report published by Douglas C. Schmidt, a Vanderbilt University Professor is highly critical of the way Google collects user data and ignores user consent which is the guiding principle of the recently enforced EU GDPR.
Google has outrightly rejected the claim of Dr. Schmidt via an e-mail statement.
“This report is commissioned by a professional DC lobbyist group and written by a witness for Oracle in their ongoing copyright litigation with Google,” a Google spokesperson said. “So, it’s no surprise that it contains wildly misleading information.”
The insinuation here is on the fact that Oracle and Google are currently battling a $9 billion copyright case over the use of Java software used in the Android operating system.
This revelation comes close on the heels of another recent expose by Associated Press where it was stated that many Google services on Android devices were storing your location data even if your privacy settings didn’t allow it to do so.
Has data privacy gone for a toss? Yet again!
Here are a few examples on the current concerns around data privacy that Dr. Schmidt has highlighted in this report:
For downloading apps from Google Play Store and subsequently using these on Android devices, a Google Account is required. This becomes the route through which Google ends up collecting personal information such as use name, email and phone numbers, as alleged in this report. Moreover, if the user ends up subscribing for services like Google Pay, then their personal information such as credit card information also gets linked to their Google account.
Lot of repetitive information (name, address, email, phone number, etc.) that we tend to use a lot on the internet gets saved on the user’s local drive through the auto fill feature of the Chrome browser that we consent to. Did you know that if you log into Chrome using your Google Account and end up enabling the sync feature, your auto-filled information will also get stored on Google servers?
If collecting personal data was not itself a cause of worry, your Android device and the Chrome browser keep sending information to Google servers about your web browsing history as well as mobile app activities. Any web pages you visit get automatically tracked and Chrome has access to your download history, passwords, permission-levels for different websites, cookies and additional data.
The “translate” feature which is enabled by default is also a means for Google to collection information on the languages a person speaks.
The report mentions that Android devices notify Google when the device owner accesses any app on their device. In addition, periodic updates are sent to Google servers where your device type information, cellular service provider name, app crash reports and information on all other apps installed and deleted from your apps is available to Google.
Another major concern as highlighted by this report by Dr. Schmidt is that Chrome browser and Android platform collection user data not just on their location but also on their movement as well.
Google can determine with a fair degree of accuracy on when a user is walking, running,
bicycling, or is on a train or driving a car. This is made possible when Android user’s location coordinates are tracked at frequent intervals and the information is corelated with data from onboard sensors like accelerometers. The following is a diagram that was presented in the report to illustrate this point:
Image: Snapshot from a Google user location upload
Recently, the House Committee on Energy and Commerce in the U.S. had sent a letter to several technology companies including Alphabet (Google’s parent company) questioning how Google collects data.
It is interesting to note here that while Twitter and Facebook were represented by Twitter CEO Jack Dorsey and Facebook COO Sheryl Sandberg at the hearing, Google was conspicuous by its absence and chose not to send any top executive to this hearing.
Here’s a video of the Congressional hearing and the opening remarks by Senator Collins where she expresses her outrage at the fact that Google didn’t turn up for this hearing.
Dr. Douglas C. Schmidt is some of impeccable reputation. He is the Cornelius Vanderbilt Professor of Engineering in the Electrical Engineering and Computer Science Department. Dr. Schmidt is also the Co-Director of the Data Science Institute and a Senior Researcher at the Institute for Software Integrated Systems, all at Vanderbilt University. He is also a Visiting Scientist at the Software Engineering Institute (SEI) at Carnegie Mellon University.
The points raised in the report are quite serious and Google must try and make a point by point rebuttal of these allegations made in the report.
There seems to be no respite from data privacy concerns and it seems like no lessons have been learnt from the recent
Cambridge Analytica and Facebook Data Scandal which we thought will be an awakening for everyone concerned. Regulators will have to now come down heavy on these technology companies and ensure user data is protected and not compromised at any cost.