A group of 10 US Senators, led by Amy Klobuchar, Elizabeth Warren, and Mazie Hirono, have penned a letter to Google seeking answers about its location data privacy practices.
Google's commitment to delete sensitive location data of users visiting certain facilities, such as abortion clinics and addiction treatment centers, has come under scrutiny. This comes after reports that Google has not been consistently deleting this data as promised, raising concerns about the potential misuse of such information.
The privacy of location data is a significant concern, especially when it relates to sensitive health and personal matters. Google's commitment to delete location history when users visit certain facilities was seen as a positive step towards protecting user privacy. However, the alleged inconsistency in upholding this commitment could expose users to targeted advertising and other privacy risks. Furthermore, with the overturning of Roe v. Wade, there are concerns that location data could be used to penalize individuals seeking abortions.
In their letter to Google CEO Sundar Pichai, the Senators expressed concern that Google is not upholding its commitment to delete sensitive location data, particularly when it can reveal private healthcare decisions.
They wrote, "Last July, Google rightly noted that location data can be very personal and announced that it would delete entries of sensitive locations from the Location History feature 'in the coming weeks.'
The locations in the announcement included counseling centers, domestic violence shelters, abortion clinics, fertility centers, and addiction treatment facilities. Now, over 10 months after this announcement, reporters for the Washington Post visited hospitals, fertility clinics, and Planned Parenthood clinics in multiple states and found instances where Google stored the exact name and address of the location visited (e.g., 'Planned Parenthood – San Francisco Health Center')."
The Senators noted, "Another report found that Google failed to delete sensitive location data in nearly 60 percent of test cases over the last several months. Claiming and publicly announcing that Google will delete sensitive location data, without consistently doing so, could be considered a deceptive practice."
In an update on The Keyword, Jen Fitzpatrick, Senior Vice President of Core Systems & Experiences, said, "To prevent the inadvertent creation of persistent entries, we'll soon be rolling out an update where you will no longer be able to add such an entry, and you won't be prompted to confirm such a visit."
In response to the Senators' concerns, Google referred to a blog post that partially answered their questions. The post defines sensitive locations as including counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, and cosmetic surgery clinics. However, it does not address the Senators' request for clarification on what Google means when it claims the data will be deleted "soon after" a visit.
The Senators have given Google until the end of the week to respond to their inquiry. They have requested a third-party audit to verify the company's protocol for deleting users' location data. They have also implied that Google's conduct could be grounds for an investigation by the Federal Trade Commission, which is authorized to police unfair and deceptive business practices.
The issue highlights the ongoing tension between tech companies and lawmakers over data privacy. As digital platforms continue to collect vast amounts of user data, ensuring the privacy and security of this information remains a critical challenge. This incident serves as a reminder of the importance of transparency and accountability in how tech companies handle user data, particularly when it comes to sensitive information.
Related: HIPAA Compliant Email: The Definitive Guide