Google accused of “illegally” tracking Android users
The AAID is unique to all Android devices and can be shared with third parties for more effective targeted advertising
Renowned privacy activist and lawyer Max Schrems has accused Google of tracking Android users without their consent.
Schrems has filed a complaint with the French data protection regulator that accuses the tech giant of infringing the privacy rights of the more than 300 million European citizens who use Android phones by generating unique advertising codes for each user.
These Android Advertising Identifiers (AAIDs), according to Schrems’ organisation Noyb (None Of Your Business), allows both Google and third-party developers and advertisers to track users’ browsing behaviour to more effectively target them with ads.
Android creates AAIDs without the user’s knowledge or their consent, the complaint claims, meaning that Google contravenes the 2002 ePrivacy Directive, also known as the cookie law, according to Schrems. This regulation is separate from GDPR and in the process of revision.
“Imagine having coloured powder on your feet and hands that marks your every step and action: everything you touch within the mobile ecosystem,” said privacy lawyer at Noyb, Stefano Rossetti.
“And you can’t remove it - you can only change it to a different colour. This is what the Android Advertising ID is all about – a tracker that marks your every action within and beyond the mobile ecosystem.
“The extent of this case is bewildering. Almost all Android users seem to be affected by this technology. We, therefore, hope that the French CNIL will take action.”
According to the complaint, Android creates the AAID without consent and it serves as a license plate that uniquely identifies the phone. Google, as well as third parties, can then access the code to track user behaviour, elaborate consumption preferences and fine-tune targeted advertising.
Google not only installs the AAID without consent, Noyb claims, but also denies users the option of deleting it. As the organisation demonstrated in a previous complaint, users can only ‘reset’ the code and are forced to generate a new tracking AAID to replace the original.
IT Pro 20/20: Meet the companies leaving the office for good
The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021DOWNLOAD NOW
Filing the complaint under the ePrivacy Directive versus GDPR also means the French regulator, CNIL, will make a decision on its own, rather than needing to liaise with its European counterparts as would be required under GDPR.
This latest complaint follows a similar charge levied against Apple for a tool included with iOS 14 that tracks iPhone user behaviour without their consent. The group claimed that Apple’s IDFA stores behavioural data that operates in exactly the same way as the Android tracker the Noyb has launched its most recent complaint about.
Schrems has a track record of success when making such complaints, having previously been responsible for the complaint which invalidated the primary EU-US data-sharing mechanism, known as the Privacy Shield.
BCDR buyer's guide for MSPs
How to choose a business continuity and disaster recovery solutionDownload now
The definitive guide to IT security
Protecting your MSP and your customersDownload now
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
The complete guide to changing your phone system provider
Optimise your phone system for better business resultsDownload now