Google told to come clean on how it tracks what you buy offline

A privacy group wants Google to reveal where it obtains US consumers' payment card data.
Written by Liam Tung, Contributing Writer

Privacy rights group the Electronic Privacy Information Center (EPIC) will file a legal complaint with the Federal Trade Commission over a system Google is using to link web activity with in-store card purchases.

The complaint concerns Google's new Store Sales Measurement program, which aims to demonstrate to advertisers that clicks online do lead to purchases at the register.

According to The Washington Post, EPIC wants Google to be more transparent about what data on credit and debit card purchases it's accessing, how it's getting the information, and what encryption it's using to ensure user data remains anonymous.

Announcing the system in May, Google said third-party partnerships allow it to capture 70 percent of all payment card transactions in the US. The system matches transactions back to Google ads, which Google said was done in a "secure and privacy-safe way". It also reports aggregated and anonymized store sales data to advertisers.

Google has developed custom encryption to anonymize and encrypt the payment data it receives from third parties, which prevents it from accessing the data for individuals.

Google can match in-store spending to ads if a consumer provides their email address at the register. For consumers who don't provide an email address, Google relies on third-party providers of payment-card transaction data.

Google execs have previously confirmed its 'double-blind' encryption is based on CryptDB, a system for protecting applications run on SQL databases. CryptDB was developed by MIT researchers in 2011 with partial funding from Google.

The researchers noted that since CryptDB uses chained encryption, "a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in".

However, in an interview with the Post in May, Google declined to reveal exactly how it is encrypting data, citing a pending patent.

A Google exec told the paper back then how it matches data from its third-party partners: "Through a mathematical property we can do double-blind matching between their data and our data. Neither gets to see the encrypted data that the other side brings."

EPIC wants the FTC itself to review the algorithm and for Google to reveal how it gets purchase data. The privacy group argues that consumers can't make an informed decision about which cards to use or which shops to avoid if they'd prefer not to have purchases tracked.

EPIC, which filed the FTC complaint over Google's Buzz launch in 2011, also notes that purchases can reveal medical conditions, religious beliefs and other sensitive information.

Google said users can opt out of the tracking by going to the My Activity Page, clicking on Activity Controls, and unchecking 'Web and App Activity'.

However, EPIC argues that Store Sales Measurement goes beyond location tracking.

"Google requires its Store Sales Measurement partners to have the rights to individuals' transaction data but the details on how, or whether, individuals choose to give or not give these rights has not been disclosed," EPIC says.
