Consumer protection agencies from seven EU countries filed today GDPR complaints against Google for using deceptive practices to track users' location.
The seven consumer protection agencies claim that Google "lacks a valid legal ground for processing the [location] data in question" and that because of its deceptive practices the users' consent "is not freely given," hence, the company is in violation of the new General Data Protection Regulation (GDPR) that entered into effect in the EU space since late May, this year.
GDPR complaints have been filed with national data protection authorities in the Netherlands, Poland, the Czech Republic, Greece, Norway, Slovenia, and Sweden.
Also: Russian election hacking hits a bump, but it's still going on CNET
"Location data can reveal a lot about people, including religious beliefs (going to places of worship), political leanings (going to demonstrations), health conditions (regular hospital visits) and sexual orientation (visiting certain bars)," said today officials from BEUC, an umbrella group for 43 national consumer organisations from 32 European countries.
All seven GDPR complaints have been filed based on the findings of a 44-page report published today by Norway's Consumer Council, the country's consumer protection agency.
The aforementioned report shows how Google has been using a number of deceptive practices to enable location tracking for Google accounts via two settings known as Location History and Web & App Activity.
The report claims that Google has been using a series of deceptive practices and design tricks to push users into activating the two location tracking features and leaving them enabled. The report lists the following practices:
The Norwegian agency's report has been put together after two field tests carried out on freshly installed Android smartphones in July (Samsung Galaxy S7 Android device running Android version 8.0.0) and again in October (on the same Samsung device, and on a Google Pixel device running Android version 9). The two tests identified similar issues, resulting in a decision from the seven agencies to go forward with GDPR complaints.
Following today's filings, data protection agencies in each of the respective seven countries will have to investigate Google's location tracking practices in light of the current GDPR legislation.
If found guilty, Google risks fines that can go up to €20 million ($22.6 million) or 4 percent of annual global turnover.
Also: 7 tips for SMBs to improve data security TechRepublic
Today's GDPR complaint filings also come after two separate investigations by Quartz and the Associated Press found similar issues with Google collecting users' location details, even when location services are visibly disabled in the user interface.
Google tried to save face over the summer when it made changes to the Google account dashboard interface, but by that point, it was too little too late, as the company had already drawn the ire of users and EU consumer protection agencies alike.
Cisco Live 2018: 'GDP is directly linked to GDPR'
The protection of data will become linked with economic growth, according to Cisco's chief privacy officer.
GDPR's silver lining: Data-driven AI and innovation in the enterprise
IBM's Cristina Cabella explains why GDPR has the potential to promote AI and machine learning in the enterprise.
Facebook's latest breach could cost the social network over a billion under new GDPR laws
Facebook was fined £500,000 under the Data Protection Act for the Cambridge Analytica scandal but may not get away so lightly this time.
UK levels first GDPR fine against Canadian analytics firm linked to Brexit campaign
AggregateIQ, also linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Brave browser files GDPR breach complaints against Google in the EU
Google and fellow ad tech firms accused of violating GDPR during the "bid request" process used in behavioral ads.
GDPR cuts tracking cookies in Europe
Three months after the introduction of the General Data Protection Regulation (GDPR), European news sites have reduced their use of tracking cookies by 22 percent, according to research from the University of Oxford. Companies that run websites should be aware of the problem and ready to act.