In a ‘world-first’ proceeding of its kind, the Australian Competition and Consumer commission (ACCC) launched proceedings against Google LLC & Google Aus (Google) in 2020, alleging Google misled Android users as to how much of their personal data (i.e. geolocation) was being collected. On 16 April 2021, The Federal Court handed down its decision.
The Federal Court ruled that Google misled consumers in the initial set-up process of their Android devices by not making it clear enough that the ‘Location History’ setting was not the sole application setting responsible for collecting and tracking location data (i.e. personal information).
The Court found that between January 2017 and December 2018 an additional setting titled ‘Web & App Activity’, which was turned on by default, also allowed Google to collect and use location data. That is, this setting also had to be turned off to stop location data being collected. ACCC successfully established that Google had breached sections 18, 29(1)(g) and 34 of the Australian Consumer Law relating to misleading and deceptive conduct.
Whilst penalties for Google are yet to be determined, the ACCC is pursuing declarations (a statement confirming how and why Google’s actions were wrong), compliance orders (requiring that Google act in a certain way in the future) and penalties in the millions of dollars. The ACCC is also proposing that Google provide a prominent notice to Australian customers to explain how they collect personal data with respect to location data settings in a more transparent manner.
Google is currently considering an appeal of the decision.
The ACCC’s initiation of proceedings against Google is a ‘world-first’ (according to the ACCC) instance of a regulator targeting a major corporation in relation to dishonest collection of location data. This is of particular significance given that the ACCC is not specifically tasked with enforcing privacy and data laws and standards. We are continuing to see regulators shifting their focus to Big Tech practices in line with growing consumer awareness about privacy and data protection. Given the ACCC is also considering enforcement action against Google’s advertising strategies, it appears Big Tech companies are already in regulatory cross-hairs for anti-competitive behaviour. However, in recent times the ACCC has prosecuted a number of ‘consumer privacy’ cases with great success against SME’s as well as the Tech giants.
Although this decision is related to the collection of location data, it is couched in terms of ‘consumer privacy’ and personal information. We consider it significant for all businesses that collect personal information in general and from consumers in particular. Businesses need to ensure that they are fulfilling their Consumer Law and Privacy obligations, and to provide data collection notices without misleading or deceiving customers.
Clyde & Co has the largest dedicated and rapidly expanding cyber incident response and privacy practice in Australia and New Zealand. Our experienced team have dealt with over 1000 data breach and technology related disputes and some of the regions most significant privacy related matters in recent times, including a number of the largest and most complex incidents in Asia Pacific to date. The firm's cyber and privacy practice provides an end-to-end risk solution to clients. From advice, strategy, transactions, innovations, pre-incident readiness and incident response through to regulatory investigations, proceedings, third party claims (including group litigation) and recoveries, the team assists corporate clients, insurers, insureds and brokers across the full cyber and privacy lifecycle. Our team is also highly regarded for its expertise and experience in managing all forms of disputes across sectors including advising on some of the most newsworthy class actions commenced in Australia.
Our 24 hour cyber incident response hotline allows you to access our team directly around the clock. For more information, contact us on: