Google accused of “illegally” tracking Android users

The AAID is unique to all Android devices and can be shared with third parties for more effective targeted advertising

Renowned privacy activist and lawyer Max Schrems has accused Google of tracking Android users without their consent. 

Schrems has filed a complaint with the French data protection regulator that accuses the tech giant of infringing the privacy rights of the more than 300 million European citizens who use Android phones by generating unique advertising codes for each user. 

These Android Advertising Identifiers (AAIDs), according to Schrems’ organisation Noyb (None Of Your Business), allows both Google and third-party developers and advertisers to track users’ browsing behaviour to more effectively target them with ads. 

Android creates AAIDs without the user’s knowledge or their consent, the complaint claims, meaning that Google contravenes the 2002 ePrivacy Directive, also known as the cookie law, according to Schrems. This regulation is separate from GDPR and in the process of revision.

“Imagine having coloured powder on your feet and hands that marks your every step and action: everything you touch within the mobile ecosystem,” said privacy lawyer at Noyb, Stefano Rossetti. 

“And you can’t remove it - you can only change it to a different colour. This is what the Android Advertising ID is all about – a tracker that marks your every action within and beyond the mobile ecosystem.

“The extent of this case is bewildering. Almost all Android users seem to be affected by this technology. We, therefore, hope that the French CNIL will take action.”

According to the complaint, Android creates the AAID without consent and it serves as a license plate that uniquely identifies the phone. Google, as well as third parties, can then access the code to track user behaviour, elaborate consumption preferences and fine-tune targeted advertising. 

Google not only installs the AAID without consent, Noyb claims, but also denies users the option of deleting it. As the organisation demonstrated in a previous complaint, users can only ‘reset’ the code and are forced to generate a new tracking AAID to replace the original.

Related Resource

IT Pro 20/20: Meet the companies leaving the office for good

The 15th issue of IT Pro 20/20 looks at the nature of operating a business in 2021

IT Pro 20/20: Leaving the office for goodDOWNLOAD NOW

Filing the complaint under the ePrivacy Directive versus GDPR also means the French regulator, CNIL, will make a decision on its own, rather than needing to liaise with its European counterparts as would be required under GDPR.

This latest complaint follows a similar charge levied against Apple for a tool included with iOS 14 that tracks iPhone user behaviour without their consent. The group claimed that Apple’s IDFA stores behavioural data that operates in exactly the same way as the Android tracker the Noyb has launched its most recent complaint about.

Schrems has a track record of success when making such complaints, having previously been responsible for the complaint which invalidated the primary EU-US data-sharing mechanism, known as the Privacy Shield.

Featured Resources

Shaping the workplaces of the future

Rise to the challenge

Download now

Enabling a hybrid future

A guide to setting up new working practices

Download now

Seven steps to successful digital innovation and transformation

What to invest in and what to avoid when pursuing digital transformation

Watch now

Defend your organisation from evolving ransomware attacks

Learn what it takes to reduce risk and strengthen operational resiliency

Download now

Recommended

Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021
Misconfigured cloud services exposed 100 million Android users' data
data breaches

Misconfigured cloud services exposed 100 million Android users' data

21 May 2021
Senators introduce a new bill to protect consumer data privacy
data protection

Senators introduce a new bill to protect consumer data privacy

20 May 2021

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021
WWDC 2021: Apple unveils iOS 15, macOS Monterey and more
iOS

WWDC 2021: Apple unveils iOS 15, macOS Monterey and more

8 Jun 2021