Attorneys General Sue Google for Unfair and Deceptive Consumer Location Tracking Practices


Washington D.C. Attorney General Karl Racine sued Google on January 24 for its deceptive location tracking practices in violation of D.C.’s Consumer Protection Procedures Act. AG Racine opened an investigation into this issue after a 2018 Associated Press article exposed Google’s data practice of tracking users even after the “location history” setting was toggled off. The Office of the Attorney General alleges that Google has been systematically deceiving consumers about how their locations are collected, tracked, and used since at least 2014. Although Google provides users with options to adjust their privacy and location tracking settings, AG Racine stated that the company has misled consumers about the extent to which they can control what information is collected about them when there is “effectively no way for consumers to prevent Google from collecting, storing, and profiting from their location data.” The complaint specifically alleges that Google harmed consumers by misleading consumers about their ability to exercise choice through their Google account settings, misleading Android users about their ability to exercise choice through their device settings, misleading consumers about Google’s need for location data by stating that certain functionalities could not work without collecting location data, and using dark patterns to undermine user choice through methods like prompting users who previously disabled location tracking to re-enable it. FTC Commissioner Rebecca Kelly Slaughter defined “dark patterns” at a 2021 workshop on the topic as “user interface designs that manipulate consumers into taking unintended actions that may not be in their interest,” like the smaller text option declining a coupon that a user would receive in exchange for providing additional information to a shopping website. That smaller text link that allows users to enjoy their privacy and the large button advertising a discount are both intentionally designed in a way to influence users to provide more information than they may have wanted to.


Who Is Affected

Consumers who use Android mobile devices and all consumers who use Google products, including but not limited to Google search and Google Maps, on devices running other operating systems are impacted by Google’s location tracking practices. As long as Google’s products remain free of charge, its business model will continue to rely on data collection. Through the collection of user data across its product line, from emails typed out in Gmail to anything searched for or clicked on in the Chrome web browser, Google builds user profiles off of which it can sell highly targeted advertising. Location data played enough of a role in the organization’s digital advertising to have generated around $150 billion in revenue in 2020, according to the complaint. Users can turn off location tracking and delete their location history, but this is not a global setting and other Google apps like the Android built-in weather app will automatically store time-stamped location data without re-obtaining consent.


What’s Next

The D.C. OAG has inspired the attorneys general of Indiana, Texas and Washington to file similar lawsuits against Google to try to stop current future deceptive and unlawful practices, and to protect the privacy of consumers using Google services. While there is no word yet on whether the Pennsylvania OAG will pursue a similar action, attorneys working for businesses that use or rely on consumer location data should make sure to conduct data flow audits to determine how much data is collected in comparison to how much of that data is needed for essential business processes. Attorneys should also work with product engineers to ensure notice and choice are provided and opt-out limitations are explicitly explained to users. Additionally, attorneys can look to organizations like the FTC for workshops that explain what dark patterns are and how to detect them.


Anokhy Desai is a law student at the University of Pittsburgh School of Law with an expected graduation in May 2022.

About: PBA Cybersecurity and Data Privacy

The Pennsylvania Cybersecurity and Data Privacy Committee analyzes cybersecurity issues and educates PBA members about legal, regulatory and industry standards that preserve the confidentiality of protected information.

Leave a Reply

Your email address will not be published. Required fields are marked *