By CAPosts 08 April, 2021 - 01:44am
Mobile phones that run on Google's Android operating system, which in the case of the European Union are around 70%, contain a tracker whose existence users are not informed. These unique identifiers, a kind of digital license plate for each device, allow Google and all applications installed on the phone to "track the user and combine information about their online and mobile behavior." That's what the lawsuit filed in France against Google by Noyb, an NGO focused on protecting privacy, presided over by Austrian lawyer and activist Max Schrems, known for having previously put Facebook in check.
The key, according to the Schrems team, is that European regulations oblige users to be tracked for consent. That does not happen with the Android Advertising Identifier (AAID, for its acronym in English), argue from Noyb, and therefore collides head-on with the European Directive on Electronic Privacy, also known as the Cookie Law. EL PAÍS has asked Google for its version of events, but the company has preferred not to comment on the matter.
The effect of the AAID identifier can be compared with third-party cookies , which also require explicit consent. “It's as if when you get up in the morning you have some magic powder on your hands and feet and you leave a mark on everything you touch. And that later, someone with special glasses could see the trail of those powders ", illustrates Stefano Rossetti, a lawyer specializing in privacy at Noyb. The information that the AAID collects is supposed to be for the real-time ad space auction system. "We do not doubt it, but the point is that it can also be used for other purposes," adds Rossetti.
AAID works as follows. Google Play Store automatically generates an alphanumeric identifier for each device that connects to the app store. This identifier, which can be shared with other companies, such as application providers or advertisers, collects information about user behavior and consumer preferences, so that personalized advertising can be offered. Google's software not only creates that identifier without the knowledge of individuals, they assure from Noyb, but it also denies Android users the option to remove it.
"The scope of this case is disconcerting," says Rossetti. "Almost all Android users seem to be affected by this technology." Around the world there are about 2.5 billion active mobile phones that use the Android operating system, according to Google data. Around 300 of them are in the European Union.
Noyb, an organization whose name is the acronym for None of Your Business , decided to file the lawsuit in France because "it has a legal guarantee system, which protects well the user in the digital field ”, says Rossetti, something on which legal experts consulted agree. The lawyer maintains that his team is studying also filing similar lawsuits against Google in more EU countries, although they still cannot say in which ones (they are in the process of analyzing the respective legal systems to see which of them are more conducive). Max Schrems, in his Vienna apartment, supported by the 1,200 sheets of personal information that Facebook collected about him.Carlos SpottornoThe background of Apple
These legal actions are part of a longer process related to trackers hidden in the mobile environment that he has in march Noyb. “We are trying to make it clear that our phones should not integrate identifiers or trackers by default. It is not an individual preference, but a legal issue, ”says Rossetti.
Noyb charged Apple last year in the courts of Germany and Spain for the same matter: iPhones incorporate, according to the non-profit organization, an Identifier for Advertisers (IDFA) that allows the apple company to monitor users without your consent. Its operation is practically identical to that of Google. What has been the result of the lawsuit? The company has announced that the new version of its mobile operating system, iOS 14.5, will ask users for permission for the first time to use the identifiers, according to the Financial Times . "Apple still creates that identifier, but now it asks for third-party consent to use it." It is better than nothing, says the lawyer, but it does not answer the main question: why was this identifier created and installed by default on iPhones?
From the point of view of the Austrian association, the possible faults of Google o Apple does not have to do with the General Data Protection Regulation (GDPR) of the EU, but with the European Directive on Digital Privacy of 2002, modified in 2009 (the Cookies Law). “Although the principle is quite clear (trackers have to be authorized by users), Member States have implemented these principles in different ways in their jurisdictions. That is why we have tried to treat these cases as national ”, the lawyer abounds.
It all started with Facebook
Max Schrems and his organization made headlines last year, when the Court of Justice of the European Union (CJEU) questioned the security of the main data transmission mechanism between the European Union and the United States . The CJEU ruling, motivated by a lawsuit filed by Schrems against Facebook, does not prohibit the sharing of personal data on both sides of the ocean, but requires companies to sign safeguards that include the informed consent of those affected. And that, according to Schrems denounced, that did not happen.
The Austrian has been battling since 2011 with the largest social network in the world regarding the use he makes of personal data. When he was 23 years old, Schrems asked Facebook for all the information it had about him. It detected several violations of its privacy, with which it presented 22 complaints that drew the attention of the press. In 2013 he also complained that his personal data was transferred from the Irish subsidiary of the company chaired by Mark Zuckerberg to its North American servers to be processed, while in that country the privacy protection laws are different. European justice agreed with him, which earned him praise from Edward Snowden, among others. Viviane Reding, European Commissioner for Justice that drove the development of RGPD, the mainstay of European regulations on privacy, said he was about Schrems who made him understand that "we could not go on" .
- An initiative so that the citizen can consult all their medical records from the mobile
- You're wrong? Shake the iPhone and other tricks to undo almost everything on the mobile and on the computer
- Is artificial intelligence changing the way we are human?
- 'Cyberfatigue': why we get tired of taking precautions online and how to stay alert
- "We are 15 people, I'm freaking out": the challenge of living from live on Twitch