Google will pay $29.5M to settle two lawsuits over its location tracking practices

Google will pay $29.5 million to settle two different lawsuits in the US over its deceptive location tracking practices.

Google decided to pay $29.5 million to settle two different lawsuits brought by the states of Indiana and Washington, D.C., over its deceptive location tracking practices.

The IT giant will pay $9.5 million to D.C. and $20 million to Indiana after the states filed two lawsuits against the company charging it with having tracked users’ locations without their express consent.

“Given the vast level of tracking and surveillance that technology companies can embed into their widely used products, it is only fair that consumers be informed of how important user data, including information about their every move, is gathered, tracked, and utilized by these companies. Significantly, this resolution also provides users with the ability and choice to opt of being tracked, as well as restrict the manner in which user information may be shared with third parties,” said Attorney General Karl A. Racine while announcing that Google will pay $9.5 million. “I am proud of how the exceptional lawyers and professionals in my office have creatively applied the District’s strong consumer protection laws to set the standard nationally and provide users far greater control of their personal information.”

“We sued because Google made it nearly impossible for users to stop their location from being tracked. Now, thanks to this settlement, Google must also make clear to consumers how their location data is collected, stored, and used.” Racine added.

Google is currently facing two similar lawsuits in Texas and Washington.

In November, Google agreed to pay $391.5 million to settle with 40 US states for misleading users about the collection of personal location data. The settlement is the largest attorney general-led consumer privacy settlement ever, states the announcement published by DoJ.

“Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. In addition to the multimillion-dollar settlement, as part of the negotiations with the AGs, Google has agreed to significantly improve its location tracking disclosures and user controls starting in 2023.” reads the DoJ’s press release.

Oregon Attorney General Ellen Rosenblum, who led the settlement along with Nebraska AG Doug Peterson, pointed out that for years Google has prioritized profit over their users’ privacy.

The authorities started the investigation into Google collection practice following a 2018 Associated Press article that revealed Google “records your movements even when you explicitly tell it not to.”

According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity”. The former is “off” by default while the latter is automatically enabled when users set up a Google account, including all Android users.

Location data represent the core of the digital advertising business of the IT giant. However, location data can be used to expose a person’s identity and routines, and even infer personal details.

Google violated state consumer protection laws by misleading consumers about its location tracking practices since at least 2014. Google confused its users about the use of the account and device settings to limit Google’s location tracking.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, privacy)

[adrotate banner=”5″]

[adrotate banner=”13″]