Google accused of “illegally” tracking Android users

The AAID is unique to all Android devices and can be shared with third parties for more effective targeted advertising

Renowned privacy activist and lawyer Max Schrems has accused Google of tracking Android users without their consent. 

Schrems has filed a complaint with the French data protection regulator that accuses the tech giant of infringing the privacy rights of the more than 300 million European citizens who use Android phones by generating unique advertising codes for each user. 

These Android Advertising Identifiers (AAIDs), according to Schrems’ organisation Noyb (None Of Your Business), allows both Google and third-party developers and advertisers to track users’ browsing behaviour to more effectively target them with ads. 

Android creates AAIDs without the user’s knowledge or their consent, the complaint claims, meaning that Google contravenes the 2002 ePrivacy Directive, also known as the cookie law, according to Schrems. This regulation is separate from GDPR and in the process of revision.

“Imagine having coloured powder on your feet and hands that marks your every step and action: everything you touch within the mobile ecosystem,” said privacy lawyer at Noyb, Stefano Rossetti. 

“And you can’t remove it - you can only change it to a different colour. This is what the Android Advertising ID is all about – a tracker that marks your every action within and beyond the mobile ecosystem.

“The extent of this case is bewildering. Almost all Android users seem to be affected by this technology. We, therefore, hope that the French CNIL will take action.”

According to the complaint, Android creates the AAID without consent and it serves as a license plate that uniquely identifies the phone. Google, as well as third parties, can then access the code to track user behaviour, elaborate consumption preferences and fine-tune targeted advertising. 

Google not only installs the AAID without consent, Noyb claims, but also denies users the option of deleting it. As the organisation demonstrated in a previous complaint, users can only ‘reset’ the code and are forced to generate a new tracking AAID to replace the original.

Related Resource

IT Pro 20/20: Meet the companies leaving the office for good

The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021

IT Pro 20/20: Leaving the office for goodDOWNLOAD NOW

Filing the complaint under the ePrivacy Directive versus GDPR also means the French regulator, CNIL, will make a decision on its own, rather than needing to liaise with its European counterparts as would be required under GDPR.

This latest complaint follows a similar charge levied against Apple for a tool included with iOS 14 that tracks iPhone user behaviour without their consent. The group claimed that Apple’s IDFA stores behavioural data that operates in exactly the same way as the Android tracker the Noyb has launched its most recent complaint about.

Schrems has a track record of success when making such complaints, having previously been responsible for the complaint which invalidated the primary EU-US data-sharing mechanism, known as the Privacy Shield.

Featured Resources

The challenge of securing the remote working employee

The IT Pro Guide to Sase and successful digital transformation

Free Download

VMware Cloud workload migration tools

Cloud migration types, phases, and strategies

Free download

Practices for maximising the business value of digital infrastructure Consumption-as- a-Service subscriptions

IDC PeerScape

Free Download

Container network security guide for dummies

Enforcing Kubernetes best practices

Free download

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022