Google told to come clean on how it tracks what you buy offline

Privacy rights group the Electronic Privacy Information Center (EPIC) will file a legal complaint with the Federal Trade Commission over a system Google is using to link web activity with in-store card purchases.

The complaint concerns Google's new Store Sales Measurement program, which aims to demonstrate to advertisers that clicks online do lead to purchases at the register.

According to The Washington Post, EPIC wants Google to be more transparent about what data on credit and debit card purchases it's accessing, how it's getting the information, and what encryption it's using to ensure user data remains anonymous.

Announcing the system in May, Google said third-party partnerships allow it to capture 70 percent of all payment card transactions in the US. The system matches transactions back to Google ads, which Google said was done in a "secure and privacy-safe way". It also reports aggregated and anonymized store sales data to advertisers.

Google has developed custom encryption to anonymize and encrypt the payment data it receives from third parties, which prevents it from accessing the data for individuals.

Google can match in-store spending to ads if a consumer provides their email address at the register. For consumers who don't provide an email address, Google relies on third-party providers of payment-card transaction data.

Google execs have previously confirmed its 'double-blind' encryption is based on CryptDB, a system for protecting applications run on SQL databases. CryptDB was developed by MIT researchers in 2011 with partial funding from Google.

The researchers noted that since CryptDB uses chained encryption, "a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in".

However, in an interview with the Post in May, Google declined to reveal exactly how it is encrypting data, citing a pending patent.

A Google exec told the paper back then how it matches data from its third-party partners: "Through a mathematical property we can do double-blind matching between their data and our data. Neither gets to see the encrypted data that the other side brings."

EPIC wants the FTC itself to review the algorithm and for Google to reveal how it gets purchase data. The privacy group argues that consumers can't make an informed decision about which cards to use or which shops to avoid if they'd prefer not to have purchases tracked.

EPIC, which filed the FTC complaint over Google's Buzz launch in 2011, also notes that purchases can reveal medical conditions, religious beliefs and other sensitive information.

Google said users can opt out of the tracking by going to the My Activity Page, clicking on Activity Controls, and unchecking 'Web and Web Activity'.

However, EPIC argues that Store Sales Measurement goes beyond location tracking.

"Google requires its Store Sales Measurement partners to have the rights to individuals' transaction data but the details on how, or whether, individuals choose to give or not give these rights has not been disclosed," EPIC says.

Read more on Google

• Google launches SOS Alerts in Search and Maps for emergency updates
• Google asks US court to block full enforcement of Canadian de-indexing order
• Alphabet beats Q2 targets even as profit slumps on $2.7bn EU fine
• Google releases final Android O developer preview
• Google 'right to be forgotten' case goes to top EU court
• Google wants you to stop using its SMS two-factor sign-in
• Google CEO: 11 phones will start Daydreaming before 2018 (CNET)
• Google Home: The smart person's guide (TechRepublic)