Four Democratic US senators today asked the Federal Trade Commission to “investigate Apple and Google for their involvement in unfair and deceptive practices by allowing the collection and sale of hundreds of millions of personal data from mobile phone users.”
“The FTC should investigate the role of Apple and Google in transforming online advertising into an intense surveillance system that encourages and facilitates the unrestrained collection and constant sale of Americans’ personal data,” they wrote. “These companies have failed to educate consumers about the privacy and security risks associated with using these products. It is too late to end the privacy harm these companies inflict on consumers.”
The letter cited the Supreme Court’s decision to quash Roe v. Wade, and said women “seeking abortions and other reproductive health care will become particularly vulnerable to privacy violations, including through the collection and sharing of their location data.” It continued:
Data brokers already sell, license, and share the location information of people visiting abortion providers to anyone with a credit card. Prosecutors in states where abortion is becoming illegal will soon be able to obtain search warrants for location information about anyone who has visited an abortion provider. Private actors will also be incentivized by state premium laws to track down women who have had or want to have an abortion, by accessing location information through shady data brokers.
iOS, Android “fueled the unregulated data broker market”
The letter was written by Sens. Ron Wyden (D-Ore.), Elizabeth Warren (D-Mass.), Cory Booker (DN.J.), and Sara Jacobs (D-Calif.) sent to FTC Chair Lina Khan. Apple and Google have “knowingly facilitated these malicious practices by building ad-specific tracking IDs into their mobile operating systems,” the senators wrote.
“Apple and Google both designed their mobile operating systems, iOS and Android, to include unique tracking identifiers that they marketed specifically for advertising purposes,” the letter said. “These identifiers have fueled the unregulated data broker market by creating a single piece of information tied to a device that data brokers and their customers can use to link to other data about consumers. This data is purchased or obtained from app developers and online advertisers, and may include consumer movements and web browsing activity.”
Although Apple has stopped enabling the tracking IDs by default, the senators wrote that both companies harmed consumers:
Both Apple and Google now allow consumers to opt out of this tracking. Until recently, however, Apple enabled this tracking ID by default and consumers had to dig through confusing phone settings to disable it. Google still enables this tracking ID by default and didn’t even offer consumers an opt-out until recently. By failing to warn consumers of the predictable harm that would result from using their phones with the default settings these companies had chosen, Apple and Google allowed governments and private actors to use ad tracking systems for their own surveillance and enabled hundreds of millions of Americans to serious privacy issues.
Last week, Warren proposed legislation that would ban data brokers from selling Americans’ location and health data.
“Anonymous” identifiers can be associated with individuals
The advertising IDs are “supposedly anonymous”, but in reality are “easy to link back to individual users,” the letter said. This is because some data brokers sell databases that explicitly link these advertising IDs to consumer names, email addresses, and phone numbers. But even without purchasing this additional data, it is often possible to easily identify a particular consumer in a dataset of ‘anonymous’ location data by looking at where they sleep at night.”
We’ve asked Apple and Google to comment on the letter and will update this story if we get a response.
Update at 2:55 PM ET: Google responded to Ars, praising its efforts to block apps that violate Google Play policies and the bans it has imposed on companies that have apparently sold user data. “Google never sells user data and Google Play strictly prohibits the sale of user data by developers,” the company said in a statement. “The advertising ID was created to give users more control and provide developers with a more personalized way to monetize their apps effectively. In addition, Google Play has policies that prohibit the use of this data for purposes other than advertising and user analytics. advertising ID was created to facilitate the sale of data, are simply false.”
Google also said its Android Privacy Sandbox will “enable new, more private advertising solutions that limit the sharing of user data with third parties and work without cross-party identifiers, including advertising IDs.” Ars reporter Ron Amadeo’s coverage of that initiative called it “toothless.”
EFF calls for action by congress and technology companies
The senators’ letter was drafted before the official publication of the Supreme Court’s abortion decision, which came out today after a draft was leaked in early May. In response to today’s court ruling, the Electronic Frontier Foundation said it “underlines the importance of fair and meaningful data privacy protection.”
“Everyone deserves to have strong control over the collection and use of information that they necessarily leave behind during their normal activities, such as using apps, searches in search engines, posting to social media, texting friends, and so on,” he said. the EFF. † “But those seeking, offering or facilitating access to abortion should now assume that any data they provide online or offline is searchable by law enforcement.”
The EFF urged state and federal lawmakers to “pass meaningful privacy legislation” and said businesses should protect privacy “by allowing anonymous access, stopping behavior tracking, strengthening data erasure policies.” , encrypt data in transit, and allow end-to-end message encryption by default, preventing location tracking and ensuring users are notified when their data is requested.”
Last month, more than 40 Democratic members of Congress called on Google to stop collecting and storing customer location data that prosecutors could use to identify women who have abortions. Lawmakers have also been working on comprehensive data privacy legislation, but no proposals are likely to be passed anytime soon.
