FTC asked to investigate the tracking of shoppers
WASHINGTON» A prominent privacy rights watchdog is asking the Federal Trade Commission to investigate a new Google advertising program that ties consumers’ online behavior to their purchases in brickand-mortar stores.
The legal complaint from the Electronic Privacy Information Center, scheduled to be filed with the FTC on Monday, alleges that Google is newly gaining access to a trove of highly sensitive information — the credit and debit card purchases records of the majority of U.S. consumers — without revealing how they got the information or giving consumers’ meaningful ways to opt out. Also, the group claims that the search giant is relying on a secretive technical method to protect the data — a method that should be audited by outsiders and is likely vulnerable to hacks or other data breaches.
“Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that,” said Marc Rotenberg, the organization’s executive director.
Google called its advertising approach “common” and said it had “invested in building a new, custom encryption technology that ensures users’ data remains private, secure and anonymous.”
Executives have hailed Google’s program, Store Sales Measurement, as a “revolutionary” breakthrough in advertisers’ abilities to track consumer behavior. The company said that, for the first time, it would be able to prove, with a high degree of confidence, that clicks on online ads led to purchases at the cash register of physical stores.
To do this, Google said it had obtained access to the credit and debit card records of 70 percent of U.S. consumers. It then developed a mathematical formula that would anonymize and encrypt the transaction data, and then automatically match the transactions to the millions of U.S. users of Google and Google-owned services such as Gmail, search, YouTube and maps. This approach prevents Google from accessing the credit or debit card data for individuals.
But the company did not disclose the mathematical formula it uses to protect consumer’s data. In a statement, Google said that it had taken pains to build custom encryption technology that ensures that the data the company receives remains private and anonymous.
The privacy organization is asking the government to not take Google’s word for it and to review the algorithm itself. In its complaint, the organization said the mathematical technique that Store Sales Measurement is based on, CryptDB, has security flaws. Researchers hacked into a Crypt-DB-protected health care database in 2015, accessing more than 50 percent of the stored records.