Privacy Group FTC Privacy Petition Challenges Google Ad Program

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By George Lynch

Alphabet Inc.'s Google didn’t give consumers a reasonable way to opt out of having their personal data, including payment card transaction information, used to evaluate the effectiveness of its online advertising, a privacy advocacy group said in a request for investigation to the Federal Trade Commission.

Google and other online giants subject to FTC jurisdiction, such as Inc. and Facebook Inc., rely on consumer confidence that they respect privacy and handle data securely. Challenges to that trust aren’t welcome by companies such as Alphabet, which Bloomberg data show has a market cap of over $652 billion.

Because companies that use consumer data face scrutiny from government and private-sector watchdogs, any advertising program should unambiguously notify consumers as to how their data are used and give them a clear way to opt out, Andrew Lustigman, advertising and marketing partner at Olshan, Frome Wolosky LLP in New York, told Bloomberg BNA Aug. 1.

“Companies that participate in such programs would be well advised to reconfirm that their privacy policies permit this type of sharing and that there is an ability for a consumer to opt-out,” Lustigman said.

According to the July 31 Electronic Privacy Information Center petition, Google’s Store Sales Measurement tool has allowed the internet giant to collect and use massive amounts of sensitive consumer information, including billions of payment card transactions.

The FTC confirmed to Bloomberg BNA that it had received EPIC’s letter but declined to comment on it.

Make Opting Out Easy

Although Google says it allows consumers to opt out of tracking, “The process is burdensome, opaque, and misleading,” EPIC’s petition said. The consumer privacy protection that Google cites for its advertising program uses a secret, proprietary algorithm, but that algorithm is based on another algorithm with a known security vulnerability, EPIC said. Google has engaged in unfair and deceptive activity prohibited by Section 5 of the FTC Act, it alleged.

“We take privacy very seriously so it’s disappointing to see a number of inaccuracies in this complaint,” a Google spokesperson said in a statement to Bloomberg BNA. “Users have robust controls—we only use data that they’ve consented to have associated with their Web and App activity in their Google account, which users can opt-out of at any time,” the statement said. Google directs users to its My Activity, where users can turn off tracking.

Google has previously claimed that it has access to approximately 70 percent of the credit and debit card transactions in the U.S.

Google doesn’t have access to individual transactions; it can only view aggregate values over multiple purchases, said a Google official who spoke on condition of anonymity to discuss the issue. EPIC counters that if consumers don’t know who is handling their data, they lose control of it.

Google’s guarantee of consumer privacy protection relies on a secret, proprietary algorithm that is based CryptDB, the algorithm with the known security vulnerability, EPIC said. The Google official denied the algorithm is based on CryptDB.

Google, which has previously been the subject of FTC scrutiny, has settled enforcement actions over privacy promises related to Apple Inc.'s Safari browser and the now-defunct Google Buzz social network.

To contact the reporter on this story: George Lynch in Washington at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security