Seven privacy advocacy groups will be reporting Google to their relevant data protection authority, claiming the firm is violating GDPR through location tracking of users.

Forbrukerrådet (Norway), Consumentenbond (The Netherlands), Ekpizo (Greece), dTest (Czech Republic), Zveza Potrošnikov Slovenije (Slovenia), Federacja Konsumentów (Poland) and Sveriges Konsumenter (Sweden) will all file complaints, while vzbv in Germany is considering action for an injunction and the  Transatlantic Consumer Dialogue will bring it to the attention of the Federal Trade Commission. This is of course not the first time Google has faced complaints in the EU over privacy, but the volume here might cause a headache.

The complaint is a simple one. Even if a dataset has been anonymised by Google, detailed information on that users location can make this irrelevant, while in-depth and personal insights can be learned, violating user rights to privacy. For example, if a smartphone is stationary for eight hour consistently, at the same time every night, it would be a fair assumption this is the home address of the person, while learning about what bars they visit could give away the sexual persuasion of the individual.

Not only are these insights which can be used for personalised advertising, but the data can be sold onto other companies to dictate was services are sold to that individual at what price. An insurance company could up premiums for someone who never visits the gym, but this is not personal information which the individual has given permission to be released. Some would argue it is an invasion of privacy, others would suggest it is statistical science and fair game.

One of the complaints being made against Google is the lack of transparency. Yes, Google has made the consumer aware it collects information when the opt-outs are not altered in ‘location history’ settings tabs, though it has not made the user aware this opt-out could be irrelevant. By using other apps and services, Google is collecting the data in any case. Once it is said out loud it should seem obvious, even if you have opted out when you want to use the Maps app, you will have to send Google your location data, but the slight contradiction has the capacity to confuse users. This is not what many would consider complete transparency.

“Google’s practices leave consumers very little choice other than providing their location data, which is then used by the company for a wide range of purposes including targeted advertising,” European privacy group BEUC said in a statement. “BEUC and its members argue that these practices contradict basic principles of the GDPR, such as the lawfulness, transparency and fairness of processing, and infringe on data subject’s rights such as the right to information. In our assessment Google notably lacks a lawful legal ground for processing the location data in question.”

There will of course be investigations over the course of the next couple of months, as we suspect there will be more complaints filed in the near future, though this will be a test of GDPR. As a reminder, the largest fine which the EU can impose is 3% of annual turnover. Google might have been able to swallow previous fines from the EU, but this one will be a bit more difficult to justify.