Press "Enter" to skip to content

EU Privacy Advocates File French Complaint on Google’s ‘Tracking Code’ for Android Phones

By Robert Bateman

European privacy advocates have filed a complaint with French regulators against Google’s “tracking code,” which is installed on every Android device by default, allegedly in violation of EU privacy laws.

The European Center for Digital Rights (None of Your Business — NOYB) said Google’s Advertising ID (AAID), a unique string of characters assigned to every Android user, was like a “digital license plate” that Google used to “build a rich profile about the user and their preferences and behavior.”

The complaint, filed last month with France’s data regulator, the Commission nationale de l’informatique et des libertés (CNIL), alleged that installing AAID on user devices without consent violated an EU law known as the ePrivacy Directive.

“Google is a major player in the adtech industry and has a huge financial incentive to track users through the AAID.”’

Lützow-Holm Myrstad, Norwegian Consumer Council.

“In our opinion, under the ePrivacy Directive, there is no room for an installation of the AAID without the user’s consent,” Stefano Rossetti, privacy lawyer with NOYB, told Digital Privacy News.

Google did not respond to a request for comment regarding the April 7 complaint.

Launched in 2014

Google introduced AAID (also known as the Google Advertising ID or GAID) in 2014, ostensibly to allow Android users better control over how apps collected and shared their information.

The AAID allows third-party app developers to track users’ device activity and target them with ads.

Users can reset AAID in Android settings, effectively deleting it — however, the device spontaneously will generate a new AAID. This functionality was the subject of an earlier NOYB complaint filed with the Austrian data-protection authority in May 2020.

“Under the ePrivacy Directive, there is no room for an installation of the AAID without the user’s consent.”

Stefano Rossetti, NOYB.

Rossetti alleged that Google’s failure to allow users to delete AAID permanently violated the EU’s General Data Protection Regulation (GDPR).

“The case is still running with the Austrian authority,” he said.

Last November, NOYB lodged a similar complaint against Apple with regulators in Spain and Berlin, alleging that Apple installed its IDFA (ID For Advertisers) on iOS devices without consent.

Google vs. Apple

Finn Lützow-Holm Myrstad, director of digital policy at the Norwegian Consumer Council, said that Google’s AAID and Apple’s IDFA were “mostly equivalents,” but that some “important differences” existed between the tracking technologies.

Opting out of IDFA on an Apple device “actually removes the ID from the device,” Lützow-Holm Myrstad explained, whereas “on Android devices, this doesn’t happen.” 

“Additionally, Google is a major player in the adtech industry and has a huge financial incentive to track users through the AAID,” he told Digital Privacy News. 

“Although Apple may also use the IDFA for tracking, it is not a significant player in ad tracking, and thus has less of an incentive to abuse the mechanism.

“With that being said, we agree with NOYB that both the AAID and the IDFA should not be generated by default,” Lützow-Holm Myrstad said.

“Surrender your privacy completely, or opt out of the online world.”

Rebecca Rumbul, U.K. privacy advocate.

Rebecca Rumbul, a U.K. privacy advocate who is pursuing a legal claim against tech companies Oracle and Salesforce over allegations of illegal tracking, said it was “clear” that “adtech tracking without explicit and informed consent is unlawful — whatever form it takes.”

Rumbul said firms like Google were presenting users with a stark choice: “Surrender your privacy completely, or opt out of the online world.”

Robert Bateman is a writer in Brighton, U.K.

Sources: