Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
Google under scrutiny over its collection of user data
Google is facing a lawsuit for allegedly misleading users about collection of location data even when the ‘’Location History’’ setting is turned off.
In the lawsuit, filed in a federal court on August 17 in San Francisco, attorneys representing a man named Napoleon Patacsil argued that Google is violating the California Invasion of Privacy Act and the state’s constitutional right to privacy. The lawsuit is seeking a class-action status to represent all Google mobile users in the US, on both Android devices and iPhones.
The lawsuit was filed just days after the publication of an Associated Press report that found that ‘’many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.’’
The privacy setting in question is called ‘’Location History,’’ which users can turn off. ‘’With Location History off, the places you go are no longer stored,’’ Google’s support page on the matter previously stated. The company has since edited the page to clarify it continues to track users’ location even when the setting is disabled.
The company is facing additional scrutiny over the sweeping amounts of user data it collects on users, following the release of a new study, which found that ‘’a major part of Google’s data collection occurs while a user is not directly engaged with any of its products.’’
Internet, mobile, and telecommunications companies should be transparent about how they handle user information including which user information they collect and how, and for what purposes. The 2018 Corporate Accountability Index found that while Google was transparent about the types of user information it collects and how it collects it, the company failed to disclose that it limits the collection of user information to what is directly relevant and necessary to accomplish the purpose of its services. Out of 22 companies ranked by the Index, only three — Kakao, Samsung and Yandex — published clear disclosures stating that they minimize the collection of user information to what is relevant and necessary to accomplish the purpose of their services.
The facts uncovered by the Associated Press also underscore the need for systematic, regular, and independent technical testing to verify whether company policy disclosures, including those that RDR tracks and evaluates, are fully consistent with technical reality.
U.S. government takes Facebook to court over Messenger encryption
According to a Reuters report, the U.S. government is seeking to force Facebook to break the encryption of its messaging app Messenger, as part of a criminal investigation in relation to a notorious gang. Prosecutors want to wiretap one suspect’s ongoing voice conversations on Facebook Messenger.
In the case, which is proceeding under seal in a federal court in California, the government is seeking ‘’a motion to hold Facebook in contempt of court for refusing to carry out the surveillance,’’ according to anonymous sources interviewed by Reuters. Facebook is arguing in court that Messenger voice calls are encrypted end-to-end, and that the company cannot access them.
Where permitted by law, companies should publicly commit to implement the highest encryption standards available. This disclosure should include encryption in transit and at rest, end-to-end encryption, and forward secrecy. Where the law prohibits strong encryption, companies should clearly say so to users, explaining the specific legal barrier and the potential consequences for user privacy and safety. The 2018 Index found that Facebook enables users to secure their private content using end-to-end encryption for three services — Facebook, Whatsapp and Messenger — but not for Instagram. Only Whatsapp has end-to-end encryption enabled by default.
Apple cracks down on gambling apps in China
As many as 25,000 apps were reportedly removed from the App Store in China earlier this month. The company confirmed that it took action against ‘’illegal’’ gambling apps in the country, but did not confirm a number.
The removals come weeks after a number of state-media criticised Apple for failing to prevent the dissemination of content deemed illegal in China including gambling and pornography, U.S media reported.
Companies should be transparent about their processes for restricting access to content or accounts for either violating their own rules or the regulations of the countries in which they operate. Companies should also regularly publish data about the volume and nature of actions taken to restrict content or accounts that violate the company’s rules or in compliance with government and private removal requests.