Google has been ordered to pay 60 million Australian dollars for making misleading representations to Aussie consumers about the collection and use of their data on Android phones.
Google was found to have breached Australian Consumer Law between January 2017 and December 2018 by erroneously telling Android users that the setting titled ‘Location History’ was the only Google account setting that affected whether Google collected, kept and used personally identifiable data about their location.
However, the Australian watchdog found that another Google account setting, titled 'Web & App Activity,' would also enable the web behemoth to collect, store and use personally identifiable location data when it was turned on. Notably, that setting was turned on by default.
Based on available data, the ACCC estimates that roughly 1.3 million Google accounts in Australia would have likely viewed a screen found by the Court to have breached Australian Consumer Law.
“Companies need to be transparent about the types of data that they are collecting and how the data is collected and may be used, so that consumers can make informed decisions about who they share that data with,” said ACCC Chair Gina Cass-Gottlieb.
“This is the first public enforcement outcome arising out of the ACCC’s Digital Platforms Inquiry,” Cass-Gottlieb added.
Google accepted that remedial steps were in order and addressed the contravening conduct by Dec. 10, 2018. Since then, users have no longer been shown the misleading screens.
The internet giant also accepted that the penalty calculated at AUD 60 million was appropriate, and that no separate penalty against its Australian subsidiary, Google Australia Pty Ltd., was necessary.
The Court has also required Google to review its policies and show clear commitment to compliance, including by training staff on Australian Consumer Law. Lastly, Google is also required to absorb some of the ACCC’s costs related to this action.
Google’s conduct – or at least most of it – occurred before the maximum penalty was increased for breaches of Australian Consumer Law. The maximum from September 2018 is the higher of $10 million, three times the value of any benefit obtained from the alleged conduct or, if the value cannot be determined, 10% of turnover.
By comparison, Europe’s General Data Protection Regulation (GDPR) says entities found liable of such conduct will be fined up to 10 million euros, or, in the case of an undertaking, up to 2% of the entire global turnover of the preceding fiscal year, whichever is higher.
For especially severe violations of the GDPR, companies can be fined up to 20 million euros or up to to 4% of their global turnover, whichever is higher.