Four U.S. Democratic Senators today called on the Federal Trade Commission “to investigate Apple and Google for engaging in unfair and deceptive practices by enabling the collection and sale of hundreds of millions of personal user data of mobile phones”.
“The FTC should investigate Apple and Google’s role in turning online advertising into an intense surveillance system that instigates and facilitates the rampant collection and constant sale of Americans’ personal data,” they wrote. . “These companies have failed to educate consumers about the privacy and security dangers of using these products. It is high time to end the privacy breaches imposed on consumers by these companies.”
The letter cited the Supreme Court’s decision overturning Roe vs. Wade, saying that women “who seek abortions and other reproductive health care will become particularly vulnerable to privacy breaches, including through the collection and sharing of their location data.” He continued:
Data brokers already sell, license and share location information of people who visit abortion providers to anyone with a credit card. Prosecutors in states where abortion becomes illegal will soon be able to obtain warrants for the whereabouts of anyone who has visited an abortion provider. Private actors will also be incentivized by state bounty laws to track down women who have obtained or seek abortions by accessing location information through shady data brokers.
iOS, Android “power the unregulated data broker market”
The letter was sent to FTC Chairwoman Lina Khan by the senses. Ron Wyden (D-Ore.), Elizabeth Warren (D-Mass.), Cory Booker (DN.J.) and Sara Jacobs (D-Calif.). Apple and Google “knowingly facilitated these harmful practices by creating advertising-specific tracking identifiers in their mobile operating systems,” the senators wrote.
“Both Apple and Google designed their mobile operating systems, iOS and Android, to include unique tracking identifiers that they marketed specifically for advertising purposes,” the letter states. “These identifiers have fueled the unregulated data broker market by creating a single piece of device-related information that data brokers and their customers can use to link to other consumer data. This data is purchased or acquired from app developers and online advertisers, and may include consumer movement and web browsing activity.”
As Apple stopped enabling tracking IDs by default, the senators wrote that both companies were harming consumers:
Apple and Google now allow consumers to opt out of this tracking. Until recently, however, Apple enabled this tracking ID by default and required consumers to dig into confusing phone settings to disable it. Google still enables this tracking ID by default and until recently did not even offer consumers an opt-out option. By failing to warn consumers of the foreseeable harm that would result from using their phones with the default settings chosen by these companies, Apple and Google enabled governments and private actors to exploit ad tracking systems for their own surveillance and have exposed hundreds of millions of Americans to serious privacy breaches.
Last week, Warren proposed legislation banning data brokers from selling Americans’ location and health data.
“Anonymous” identifiers can be linked to people
Advertising IDs are “purportedly anonymous” but in reality “are easily linked to individual users,” the letter says. “Indeed, some data brokers sell databases that explicitly link these advertising identifiers to consumers’ names, email addresses and phone numbers. But even without purchasing this additional data, it is often possible to easily identify a individual consumer in a dataset of ‘anonymous location records by looking at where they sleep at night.’
We asked Apple and Google to comment on the letter and will update this story if we get a response.
Updated at 2:55 p.m. ET: Google responded to Ars, touting its efforts to block apps that violate Google Play policies and the bans it has placed on companies that apparently sold user data. “Google never sells user data and Google Play strictly prohibits the sale of user data by developers,” the company said in a statement. “The Advertising ID was created to give users more control and provide developers with a more private way to effectively monetize their apps. Additionally, Google Play has policies in place that prohibit the use of this data for purposes other than advertising and user analysis. Any claims that Advertising IDs created to facilitate the sale of data are simply false.”
Google also said its Android Privacy Sandbox “will enable new, more private advertising solutions that limit the sharing of user data with third parties and work without cross-party identifiers, including advertising IDs.” Ars reporter Ron Amadeo’s coverage of this initiative called it “toothless”.
EFF calls for action from Congress and tech companies
The senators’ letter was prepared ahead of the official release of the Supreme Court’s decision on abortion, made public today after a draft leaked in early May. Responding to the court’s decision today, the Electronic Frontier Foundation said it “underlines the importance of fair and meaningful data privacy protections.”
“Everyone deserves to have strict control over the collection and use of information that they necessarily leave behind during their normal activities, such as using applications, queries on search engines, posting on social media, texting friends, etc,” the EFF said. . “But those who seek, offer or facilitate access to abortion must now assume that any data they provide online or offline could be sought by law enforcement.”
The EFF urged state and federal lawmakers to “enact meaningful privacy legislation” and said companies should protect privacy “by allowing anonymous access, stopping behavior tracking, strengthening data deletion policies, encrypting data in transit, enabling end-to-end message encryption by default, preventing location tracking, and ensuring users are notified when their data is sought .”
Last month, more than 40 Democratic members of Congress called on Google to stop collecting and storing customer location data that prosecutors could use to identify women who have abortions. Lawmakers have also been working on comprehensive data privacy legislation, but no proposals are set to pass.