The House of Google: Inside the Data Collection Scandal 📱🚨
Cliquez ici pour lire en français
Today, it is more than obvious that the subjects related to personal data, confidentiality and respect for the privacy of users are very sensitive. We can thus observe the failings of digital companies that rely on this type of content to evolve behind the somewhat fallacious objective of offering the best customer experience. Which is an excellent reason when we know that we technophiles are thirsty for innovation, for something new. But this is without measuring the risks.
And so we find Google pinned down in a case of non-consensual collection of personal data. Not new, of course, but the manner this time is beyond our imagination! Moreover, in order to better control this aspect of respect for users, legislators and Tech Houses have provided for very strict rules to accentuate this protection.
Focus on the Privacy Principle
In a previous article, we took care to clarify what is meant by personal data and how it is handled. By design! This personal information is a significant data bank for companies these days. This should alert you to the quality and quantity of information being transmitted.
So what precautions are planned?
What does the GDPR stipulate?
The GDPR, which stands for General Data Protection Regulation, is the regulatory body that governs the processing of personal data in the European Union.
Although geographically limited, these laws are likely to be of interest to many. It is based on principles such as:
- The purpose principle for data processing with a defined purpose.
- The principle of proportionality and relevance for the recording of information that is strictly necessary for the purpose of the processing.
- The principle of limited retention period for precise retention according to the type of information and the purpose of the processing.
- The principle of security and confidentiality to guarantee the security and confidentiality of the information it processes.
Que prévoit Google ?
As the main protagonist in this scandal, it is important to know what the organisation had planned in terms of protecting its users’ data. Here is their credo
«When you use our services, you entrust us with your personal data. We understand that this is a big responsibility and we do everything we can to protect your information and allow you to manage it. »
Therefore, it is important to clarify that Google collects your data such as your personal information, browsing history and even language preferences and etc… from the device or application used. All this personal information is stored as it happens.
But that’s not all!
«We also collect content that you create, upload or receive from other users when you use our services. This includes items like emails you write and receive, photos and videos you save, documents and spreadsheets you create, and comments you post on YouTube videos.»
However, Google reassures that:
« We use the information to improve the security and reliability of our services. This includes detecting, preventing and responding to fraud, abuse, security risks and technical problems that could harm Google, its users or the public. »
It must be said that everything is in place to ensure the proper use of the data we voluntarily provide. So how do we explain this real scandal?
Operation Spin: Google Collects Data 🕵🏾♂️
No one will fall off their chair when they learn that Google collects a lot of personal data from its users. Although Google is primarily perceived as a search engine, the core of its business model is advertising. And in order to sell advertising to advertisers, you need data. Whether you use Chrome, Gmail and other Google services, data is constantly being collected. While Google states that it collects this data in the details of its applications, this is not necessarily the case with its Google Phone and Messages applications. Indeed, through these two applications pre-installed on billions of devices worldwide, the pink post could be discovered.
According to the study conducted by Douglas Leith, Google retrieves the hash of messages sent via the Messages application. The hash makes it possible to link the sender of a message to its recipient. Even worse, Google retrieves the times and duration of incoming and outgoing calls via the Phone application. And while it’s at it, it also collects the associated phone numbers. Disturbing! Once collected, this information is sent to the Google Play and Google Firebase Analytics services, which allow the study of user behaviour. This gives Google the freedom to resell this data, even to establish typical profiles, and even to resell the conclusions of its analyses.
The most problematic aspect is that Google does not inform its users at any time of the collection of this data, nor does it offer any solution to deactivate the collection of this information by the said services. In his study, the professor noted that the pre-installed versions of these two applications do not include any privacy policy that could justify the collection of this data, even though Google requires it of third-party applications. Google is therefore in breach of its privacy policy. He also explains that the Google Takeout service, which allows users to download a copy of all the personal data that Google holds on a user, does not include the data collected by these two applications. That’s odd!
The study goes further to reveal that Google Play Services states that some data is collected to limit fraud and for security purposes, but never details exactly what data is collected and how it is used.
Conclusion: Google, when the notion of ethics breaks down
It must be said that through these practices, Google is blatantly violating the framework established by the RGPD and its own rules. Indeed, this law obliges digital actors to warn users when they collect their data. Above all, they must ask for their consent before any recovery of this data. However, Messages and Phone are not accompanied by any request for consent as mentioned above. And no matter how hard you look in the application or phone settings, there is no way to disable the collection of information by these services. Google has not yet given any explanation for these practices.
However, we would like to remind you that WhatsApp was previously fined in Ireland for non-compliance with the GDPR. It was fined a record 225 million euros.
Sources : The Register, Clubic, Google