Privacy activist takes on Google over Android tracker | #Adroid | #security

A pressure group set up by Austrian privacy activist and lawyer Max Schrems has launched a new campaign in France, this time complaining that Google’s Android advertising tool violates European Union rules by failing to get users’ consent.

noyb (none of your business), established by Schrems to take on the Internet giants and others over perceived privacy violations in Europe, said it launched action against the Android Advertising Identifier (AAID) claiming that the “somewhat hidden ID” allows Google and all apps on the phone to track a user and combine information about online and mobile behavior.

“While these trackers clearly require the users’ consent (as known from ‘cookie banners’), Google neglects this legal requirement,” said noyb.

Not so private lives: noyb claims Google’s Android Advertising Identifier (AAID) means users can be tracked without their consent.
(Source: Jason Dent on Unsplash)

It said the complaint against the AAID was filed to the Data Protection Authority (CNIL) of France.

The group has made similar complaints against Apple’s Identifier for Advertisers (IDFA), as part of a larger project aimed at removing hidden tracking identifiers from the mobile environment.

No consent

noyb claims that Google’s software creates the AAID without the user’s knowledge or consent. It then not only installs the AAID without consent, but it also denies users the option of deleting it, the group said.

“As we have proven in our previous complaint filed in Austria, users can merely ‘reset’ the ID and are forced to generate a new tracking ID to replace the existing one. This neither deletes the data that was collected before, nor stops tracking going forward,” noyb said.

noyb points out that there are about 450 million active mobile phones in the European Union. Of these, about 306 million use Android.

Stefano Rossetti, privacy lawyer at, said: “The extent of this case is bewildering. Almost all Android users seem to be affected by this technology. We therefore hope that the French CNIL will take action.”

noyb explained that since the complaint is based on the e-Privacy directive, the French authority is able to make a decision without the need for cooperation with other EU Data Protection Authorities, as under GDPR. “Should the authority adhere to the complainant’s interpretation, the amount of the sanction could be substantial,” it suggests.

Privacy please

Schrems and noyb put the online giants on notice when Europe’s new General Data Protection Regulation (GDPR) came into force in May 2018.

Want to know more about security? Check out our dedicated security channel here on Light Reading.

To mark the arrival of the new privacy rules, noyb filed four complaints targeting Facebook, Google, Instagram and WhatsApp, drawing data regulators’ attention to what it sees as the online giants’ attempts to impose “forced consent” on their users.

According to the group, GDPR prohibits such “forced consent” and “any form of bundling a service with the requirement to consent.”

Related posts:

— Anne Morris, contributing editor, special to Light Reading

Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + 5 =