The Federal Trade Commission is investigating a new Google (Alphabet Inc. (NASDAQ: GOOGL)) advertising program that tracks consumers’ purchases in brick and mortar stores. The Electronic Privacy Information Center claims that Google is gaining access to highly sensitive information regarding credit and debit card purchase records of U.S. consumers without revealing how the information is obtained.
Google claims that this advertising approach is common and that a new custom encryption technology makes sure that user’s data remains private, anonymous, and secure. The company wanted to prove that clicks on online ads will lead to purchases at cash registers of physical stores. Google obtained access to the credit and debit card records of 70% of U.S. shoppers and developed a mathematical formula that would anonymize and encrypt the transaction data. The transactions would then be matched to users of Google and Google owned services such as Gmail, YouTube, and maps. This would then prevent Google from accessing credit or debit card data.
However, Google did not disclose the mathematical formula that protects shoppers’ data. The government was asked to review the algorithm itself instead on trusting Google’s word for it. The company also wouldn’t reveal which companies were providing transaction records claiming that their unnamed partners have the rights necessary to use the data. Google didn’t respond to whether or not users had given consent to have their credit and debit transactions shared.
The company claims that users can opt out anytime by going to their “My Activity Page”, click on “Activity Controls” and uncheck “Web and Web Activity”. However, The Electronic Privacy Information Center says that google continues to store server and click data even when the controls are turned off. Opting out of location tracking requires going to a separate button and interface where none of the descriptions specifically describes credit or debit card data.