EPIC Complains To FTC About Google's Credit Card Tracking

You know Google tracks your online activities; did you know it also collects information about what you do offline? The Electronic Privacy Information Center (EPIC) has complained to the FTC about Google tracking in-store purchases and connecting that data to online actions.

Neither online nor offline tracking is particularly novel. Companies have long monitored every swipe of your debit or credit card to better understand your shopping habits. (Remember that Target was able to predict that a teenage girl was pregnant before she even told her parents.) They're able to collect even more information online--companies like Google know the sites you visit, the ads you click on, and the things you talk about via email. The problem arises when online and offline tracking is combined to create a holistic view of pretty much everything you do.

According to EPIC, that's exactly what Google's doing with this purchase data. The rights group explained in its complaint:

Google has collected billions of credit card transactions, containing personal customer information, from credit card companies, data brokers, and others and has linked those records with the activities of Internet users, including product searches and location searches. This data reveals sensitive information about consumer purchases, health, and private lives. According to Google, it can track about 70% of credit and debit card transactions in the United States.

EPIC said it's even more troubling that Google hasn't revealed how it "deidentifies" consumers when it tracks their purchases. This undermines the company's claim that it can use both online and offline data without harming someone's privacy. If third parties can't verify that Google isn't misusing personal information--which would require the company to reveal how its algorithms work--then the only way to protect consumer privacy, the thinking goes, is to involve government regulators. That's why the rights group decided to lodge this complaint with the FTC. EPIC said in the filing:

Google’s reliance on a secret, proprietary algorithm for assurances of consumer privacy, Google’s collection of massive numbers of credit card records through unidentified 'third-party partnerships,' and Google’s use of an opaque and misleading 'opt-out' mechanism are unfair and deceptive trade practices subject to investigation and injunction by the FTC.

EPIC said in a blog post that it wants the FTC to "stop Google's tracking of in-store purchases and determine whether Google adequately protects consumer privacy." Now the ball is in the FTC's court, and we'll have to see how the commission decides to respond to these latest allegations against the world's leading search engine provider.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • derekullo
    I don't click on any ads.

    Noscript + adblock plus + host file from winhelp2002.mvps.org/hosts.htm

    Take that Google.

    I guess now I will have to start making purchases with Visa gift-cards from Walgreen.

    Won't be long till i have to break out the aluminum hats.
    Reply
  • LORD_ORION
    "the things you talk about via email"

    Not even, if you have a mic within 20 feet of you, assume google has run "the things you talk about" through voice recognition to cherry pick marketing key words.
    Reply
  • alextheblue
    20005761 said:
    I don't click on any ads.

    Noscript + adblock plus + host file from winhelp2002.mvps.org/hosts.htm

    Take that Google.

    I guess now I will have to start making purchases with Visa gift-cards from Walgreen.

    Won't be long till i have to break out the aluminum hats.
    I hope you buy those Visa gift cards with cash. :D They're everywhere. Do you use an Android device? Do you use ANY Google-owned or affiliated services, or websites that run on Google or use Google services? It's possible in some situations for them to track you even with the precautions you've taken, to some degree. Also, it's not just one or two stores. Like the article says, 70% of offline credit card transactions, Google scoops data on. A lot of people link cards to services like Google Play, too.

    I run an adblocker but I disable it for sites I like to support (such as Tom's). I knew they tracked me online, but I didn't realize the extent to which they collected offline data until recently. One night on my way home from work (about a month ago), I bought a box of Kashi brand non-GMO cookies at Giant on a whim. I have never bought or searched for these cookies or brand before. That night I was browsing the web and boom, ads for Kashi cookies (on a site I didn't disable ads for, that uses Google ads). That's when I really started to think about how much they track offline credit card purchases. The bad part is that I use my credit cards a lot - I get 3% cash back on groceries and fuel, just as one example. Plus it's more convenient, no trips to an in-network no-fee ATM. If stores offered me a 3% discount to use cash, I would go out of my way to use cash. Perhaps they offset the credit processing fees by selling data to an advertisement firm like Google.

    Anyway, they claim to anonymize the data, but all we can really do is take their word for it.
    Reply
  • lun471k
    For those running an adblocker and that are a little bit tech savvy, you might want to give a try at Pi-Hole. Although it's pushed as a Raspberry Pi app, I installed it on my Ubuntu/Debian distros and all the traffic going through my router passes through the Pi-Hole. It has custom block lists. No more ads, no more trackers. Even my ChromeCast doesn't show ads anymore. Thought it might be useful to other people.
    Reply