The Problems of Internet Privacy and Big Tech Companies

An examination of internet privacy today.

Pawel Czerwinski / Unsplash

Here is a picture of the Google logo. The company was recently sued for internet privacy violations, and other states are in the process of suing this big corporation.

As the world is becoming increasingly digitized, concerns about internet privacy are amplified. Big Tech companies such as Amazon, Google, Apple, Meta (Facebook), and Microsoft, have faced scrutiny for using unethical practices. There are concerns about the Amazon Echo recording conversations, Apple handing over data to whoever asks, and Google selling user data. 

Google was recently sued by 40 states for violating the privacy of its users. The case revolved around  the unclarity of its location tracking policies, and Google paid a record-breaking $392 million to these states. This settlement is the largest internet privacy settlement in the history of the United States. 

States have been taking charge against these big companies, not the federal government. 40 states such as Oregon and Tennessee led the lawsuit. The state attorney generals accused the tech company of misleading users. Users believed that the company would stop collecting their information after location tracking was turned off in their settings. However, the company continued to collect this sensitive information. This lawsuit by the 40 different states is not the only lawsuit that Google has to contend with. The company had to settle with Arizona for $85 million dollars, and it is being sued by Washington D.C, Texas, and Indiana as well. These individual suits have one thing in common: location tracking issues.

This study from the Associated Press and Princeton researchers exemplifies the issue. Certain apps like Google Maps would pinpoint a user’s location down to their exact longitude and latitude, and even searches that seemed innocuous would save that location to the user’s Google account. While users thought that their location history would not be collected due to them turning off that setting, the opposite was occurring. This investigation, which revealed that various other apps collected that information, led to the lawsuit.

Google is also facing pressure from the European Union through antitrust lawsuits and lawsuits regarding  internet privacy. Unlike the U.S., the E.U. has taken a more hardline stance on these Big Tech companies.

One measure they have taken is the General Data Protection Regulation, or  the GDPR. The E.U. claims that it is the “toughest privacy and security law in the world.” The GDPR is a law that was created after several European nations realized a need for modernization in this increasingly technological world. It was passed in 2016, and companies needed to comply by May 25th, 2018.

The GDPR applies to any company that involves itself with individuals inside the E.U., and any company that violates it will be subject to harsh fines of up to €20 million or 4% of that company’s total revenue. The reason it was fined was that it failed to obtain user consent for ad personalization. In fact, in 2019, Google was fined €57 million for violating the GDPR. The same agency that fined Google, the Commission Nationale de l’informatique et des Libertés, or CNIL, said that Google “posed security risks.” It also has been targeted by consumer rights groups in Europe for violating user consent. 

Unlike the E.U., however, the U.S. does not have a comprehensive law to protect all sorts of user data; it has many fractured ones, including the HIPAA (Health Insurance Portability and Accountability Act), FCRA (Fair Credit Reporting Act), COPPA (Children’s Online Privacy Protection Act), and VPPA (Video Privacy Protection Act). These laws are also outdated, and they have not been updated to fit with the times. Unfortunately, in most states, companies can do whatever they want with someone’s data without informing them. The only three states that have comprehensive privacy laws are California with CCPA (California Consumer Privacy Act) and CPRA (California Privacy Protection Agency), Virginia with VCDPA (Virginia Consumer Data Protection Act), and Colorado with ColoPA (Colorado Privacy Act). Unlike the E.U., which targets companies all over the world, these laws only apply to people who live in these states. 

The pitiful state of consumer protection laws in the U.S. is what allows these companies to take advantage of users. Facebook and Google had to reinvent their privacy laws in the face of the E.U. and the GDPR. The U.S. with its outdated and fractured laws will need to catch up to the E.U. 

Google makes a lot of money from selling user  data. Over 80% of its revenue comes from its advertising business. Advertisers target their ads based on what each user searches from information gathered from Google. Google sells the data they collect so ads can be better suited to a user’s interests. In the words of Bruce Scheiner, who is a world-renowned security technologist, “Google’s business model is to spy on every aspect of their users’ lives and to use that information against their interests — to serve them ads and influence their buying behavior.”

Google essentially holds auctions on search keywords: When a user searches for something, Google tries to find relevant ads to that person’s search, then a list of ads is ranked in accordance to relevance, bid, and quality. To some, this might sound dystopian, 1984-esque, but to advertisers and Google, this is just another way to make money. 

Here is Sundar Pichai, the CEO of Alphabet Inc. and its daughter company, Google. Pichai has been criticized for his company’s lax privacy policies.
(YouTube, CC BY 3.0 <https://creativecommons.org/licenses/by/3.0>, via Wikimedia Commons)

Advertisers also make use of Google Analytics. Google Analytics is a service that allows companies to make note of the activity of people who go on their websites. The CNIL believed that the service gave U.S. intelligence agencies access to the data of French users and Google hadn’t done enough to guarantee privacy when data was transferred between Europe and the U.S. 

In the midst of these lawsuits and settlements, Google and other tech companies are reinventing the ways they approach user data. For example, Apple has recently implemented a pop-up window so users can make the choice of whether they want their information to be tracked by an app. However, that pop-up window does not completely protect users from privacy violations. does not Google made a timeline that estimates how long it will take to eventually eliminate trackers in Google Chrome.

This plan would be gradual, slowly phasing out cookies until they are completely eliminated from the browser in 2023. This is an attempt to satisfy regulators that have been pressuring Google about their privacy policies. This plan is an attempt at compromise with both parties, collecting data while not being too intrusive.

Alongside Apple’s implementation of a pop-up window, it also requires apps to show what data is collected. Gmail, one of the most popular apps on the Apple Store, collects location, identifiers, usage data, purchases, contact information, user content, search history, diagnostics, and other data. Compared to other apps like Apple Mail and Microsoft Outlook, Gmail collects a disproportionate amount of data. While Google said that they do not use this information for advertising purposes, it is still worrying for regulators and people who care about their digital footprint.

People are relying more and more on technology, especially the technology made by Microsoft, Apple, Amazon, and Google.. There needs to be more accountability on both these companies and governments to protect the rights of consumers. Google and Facebook have made some improvements in their data tracking, with Google moving to eliminate cookies and Facebook making attempts at not letting third parties see the data of their users, but this is just the bare minimum. While the U.S. federal government has not caught up with the memo, many states are in the process of creating comprehensive privacy laws and are actively going after these tech companies. The E.U. has also been using the GDPR to its fullest, making sure that companies do not violate the law. Schneier said, “Breaking up the large tech monopolies is the first — and most important — thing. Then we need to decide what parts of the surveillance models are moral, and compatible with the kind of society we want to live in.”

The pitiful state of consumer protection laws in the U.S. is what allows these companies to take advantage of users. Facebook and Google had to reinvent their privacy laws in the face of the E.U. and the GDPR. The U.S. with its outdated and fractured laws will need to catch up to the E.U.