Categories: Tech NewsTechCrunch+

Google users not given sufficient choice over its data processing, says German antitrust watchdog

Bad news for Google in Germany — where the antitrust watchdog has issued a preliminary statement of objections over its data processing terms and said it’s currently planning to require the tech giant to provide users with more choice over what it does with their information.

The Bundeskartellamt, or Federal Cartel Office (FCO), has been investigating Google’s T&Cs for processing user data since May 2021.

At issue is how Google collects and connects user data across multiple services — and whether it offers users sufficient choice over its profiling of them for ad targeting. This has landed on the radar of the antitrust regulator since a lack of choice for consumers can negatively affect competition.

“The Bundeskartellamt has reached the preliminary conclusion that, based on the current terms, users are not given sufficient choice as to whether and to what extent they agree to this far-reaching processing of their data across services. The choices offered so far, if any, are, in particular, not sufficiently transparent and too general,” the FCO writes in a press release. “According to the Bundeskartellamt’s current assessment, sufficient choice particularly requires that users are able to limit the processing of data to the specific service used. In addition, they also have to be able to differentiate between the purposes for which the data are processed.

“Moreover, the choices offered must not be devised in a way that makes it easier for users to consent to the processing of data across services than not to consent to this. General and indiscriminate data retention and processing across services without a specific cause as a preventive measure, including for security purposes, is not permissible either without giving users any choice. Therefore, the Bundeskartellamt is currently planning to oblige the company to change the choices offered.”

A year ago the German regulator confirmed the adtech giant falls under a special abuse control regime that was passed as an update to domestic competition law at the start of 2021 — aimed at digital giants with so called “paramount significance across markets” — allowing the FCO to take proactive measures to correct anti-competitive practices it identifies. That means the German competition regulator is already empowered to order corrections on Google more efficiently than would be possible under traditional ‘ex-post’ antitrust laws.

In a statement, the watchdog’s president, Andreas Mundt, added: “Google’s business model relies heavily on the processing of user data. Due to its established access to relevant data gathered from a large number of different services, Google enjoys a strategic advantage over other companies. Google’s practices must be measured against the requirements under the new competition rules for large digital companies. The company has to give users sufficient choice as to how their data are processed.”

Google will now have an opportunity to comment on the FCO’s objections, as its administrative proceeding continues — and the tech giant could either try to justify its practices to the regulator or offer suggested remedies to alleviate its concerns (as it did to seek to settle an FCO probe of its News Showcase product last year).

A final decision on the matter expected this year, per the Bundeskartellamt.

Google was contacted for comment on the statement of objections. Update: A Google spokesperson said:

People expect us to operate our business responsibly — by both maintaining product experiences that put users first and updating our services continuously to meet the expectations of regulators. We’ll continue to engage constructively with the FCO to try and resolve their concerns.

If the FCO presses ahead, and requires that Google offer its users a meaningful choice to refuse cross-service tracking, it could have broad significance — given the future of ad targeting looks set to be tied to processing of so-called first party data (aka, data collected by a company from its own users).

(Reminder: Three years ago, Google announced a plan to deprecate support for third party tracking technologies in its Chrome browser and switch to (it claims) more privacy-preserving alternatives for ad targeting (aka its “Privacy Sandbox” proposal). That project is ongoing — under close regulatory supervision by the UK’s competition watchdog.)

Google’s planned deprecation of support for tracking cookies has triggered competition complaints from regional publishers and marketing industry players — who are concerned the shift will further entrench its dominance of online advertising, given how much first party data its business gathers by tracking and triangulating usage of popular web services like search, YouTube, Google Maps and on mobile via Google’s Android platform.

This suggests that any regulatory mandate that makes it harder for Google to join-up first party data — and beat against its ability to build superprofiles of its own users by tracking them across multiple mainstream services it owns — could be highly significant in shrinking its competitive advantage in a post-tracking cookie world.

And while any FCO order to Google that reduced its ability to join up usage across different services would only apply to its business in Germany, the European Union now has a similar ex ante update to competition regulation — in the form of the Digital Markets Act (DMA) — which could end up applying (broader) obligations and/or restrictions on how Google processes data right across the bloc.

The DMA, which came into force last November and will start to be applied this year, applies a set of up-front rules to the core platform services of tech giants that are designated as Internet gatekeepers once the European Commission makes those designations.

That work will take place in the coming months — and Google is widely expected to be subject to the pan-EU special abuse regime — although it remains to be seen which of its services may be designated as core platform services under the DMA.

It’s worth emphasizing there is some difference of approach between the German special abuse regime and the DMA. So the FCO’s action here likely won’t be exactly replicated by the Commission’s application of the DMA. But while the latter — a pan-EU regulation — will have primary application once it’s fully up and running, national regimes (such as the one the FCO is applying here against Google) can continue to be applied in parallel provided that specific rules on conflicts are observed (so, basically, use will need to be complementary).

That suggests Google is unlikely to be able to rely on the DMA to wiggle out of any more fulsome restrictions applied to its business in Germany — which is also the largest consumer market in the EU. So the FCO’s intervention remains a significant one.

The regulator’s press release notes that its proceeding against Google is based on its assessment of German competition law — but it also suggests the DMA is “likely to apply to certain Google services in the future”.

“While the DMA also includes a provision which addresses the processing of data across services, this applies only if so-called core platform services, which still have to be designated by the European Commission, are involved,” it adds. “The present proceeding based on the national provision under Section 19a GWB partially exceeds the future requirements of the DMA. In this regard, the Bundeskartellamt is in close contact with the European Commission.”

Google users not given sufficient choice over its data processing, says German antitrust watchdog by Natasha Lomas originally published on TechCrunch

Recent Posts

Unlocking the Secrets of JSON.stringify(): More Than Meets the Eye

JSON (JavaScript Object Notation) is a lightweight data-interchange format widely used in web development. At…

2 months ago

How to Handle AJAX GET/POST Requests in WordPress

AJAX (Asynchronous JavaScript and XML) is a powerful technique used in modern web development that…

3 months ago

Page Speed Optimization: Post-Optimization Dos and Don’ts

Introduction After successfully optimizing your website for speed, it's essential to maintain and build upon…

3 months ago

Ultimate Guide to Securing WordPress Folders: Protect Your Site from Unauthorized Access

Securing your WordPress folders is crucial to safeguarding your website from unauthorized access and potential…

4 months ago

HTML CSS PHP File Upload With Circle Progress Bar

Creating a file upload feature with a circular progress bar involves multiple steps. You'll need…

5 months ago

Using WP Rocket with AWS CloudFront CDN

Integrating WP Rocket with AWS CloudFront CDN helps to optimize and deliver your website content…

5 months ago