GDPR complaints against Google for tracking filed with seven EU DPAs

Photo by Krissana Porto on Unsplash

On November 27, 2018, the European Consumer Organisation (BEUC), informed that seven EU consumer organizations filed complaints against Google with their national data protection authorities (DPAs) for breaching the General Data Protection Regulation (GDPR) in relation to how the company tracks its users’ location.

The complaints are based on new research (Every step you take) published by Forbrukerrådet, the Norwegian consumer organization. According to the report, Google tracks the location of its users by using “deceptive design and misleading information, which results in users accepting to be constantly tracked”.

The tracking is implemented and enabled through the features “Location History” and “Web & App Activity”, which are integrated into all Google accounts, and are used to facilitate targeted advertising.

The consumer organizations involved are the Norwegian, the Dutch (Consumentenbond), the Greek (Ekpizo), the Czech (dTest), the Slovenian (Zveza Potrošnikov Slovenije), the Polish (Federacja Konsumentów) and the Swedish consumer organization (Sveriges Konsumenter).

Responding to the complaint, a Google spokesperson sent TechCrunch the following statement:

Location History is turned off by default, and you can edit, delete, or pause it at any time. If it’s on, it helps improve services like predicted traffic on your commute. If you pause it, we make clear that — depending on your individual phone and app settings — we might still collect and use location data to improve your Google experience. We enable you to control location data in other ways too, including in a different Google setting called Web & App Activity, and on your device. We’re constantly working to improve our controls, and we’ll be reading this report closely to see if there are things we can take on board.


The report: Every step you take is available at…



For more information and assistance on privacy, data protection, and GDPR, Francesca Giannoni-Crystal and Federica Romanelli.



Follow us on& Like us on