Texas Sues Google Over Facial Data Collection

The state of Texas is suing Google for illegally collecting Texans’ facial and voice recognition information without their consent, according to a statement issued by the state attorney general’s office on Thursday.

For over a decade, a Texas consumer protection law has barred companies from collecting data on Texans’ faces, voices or other biometric identifiers without receiving prior informed consent. Ken Paxton, the state’s attorney general, said Google violated this law by recording identifiers such as “a retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry.

“In blatant defiance of that law, Google has, since at least 2015, collected biometric data from innumerable Texans and used their faces and their voices to serve Google’s commercial ends. Indeed, all across the state, everyday Texans have become unwitting cash cows being milked by Google for profits.”

The law imposes a $25,000 fine for every violation. According to reports, millions of users in Texas had their information stored. The complaint explicitly references the Google Photos app, Google’s Nest camera, and Google Assistant as means of collection.

Embed from Getty Images

A spokesman for Google, José Castañeda, accused Paxton of “mischaracterizing” products in “another breathless lawsuit.”

“For example, Google Photos helps you organize pictures of people by grouping similar faces, so you can easily find old photos. Of course, this is only visible to you, and you can easily turn off this feature if you choose and we do not use photos or videos in Google Photos for advertising purposes. The same is true for Voice Match and Face Match on Nest Hub Max, which are off-by-default features that give users the option to let Google Assistant recognize their voice or face to show their information. We will set the record straight in court.”

This lawsuit is the latest in a string of major cases brought against the company. Earlier this month, Arizona settled a privacy suit against Google for $85 million. Indiana, Washington and the District of Columbia also sued Google in January over privacy invasions related to location tracking.

In a much larger antitrust case, 36 states filed a lawsuit against Google in July over its control of the Android app store.

Paxton has gone after large technology corporations in the past for their privacy and monopolizing practices. In 2020, his office joined nine other states in filing an antitrust lawsuit against Google, which accused it of “working with Facebook Inc. in an unlawful manner that violated antitrust law to boost its already-dominant online advertising business.”

Embed from Getty Images

After the Jan. 6 insurrection, Paxton demanded Twitter, Amazon, Apple, Facebook and Google to be transparent about their content moderation procedures. This year, he also opened an investigation into Twitter over its reported percentage of fake accounts, saying that the company may be disingenuous about its numbers to inflate its value and raise its revenue.

In February, Paxton sued Meta for facial recognition software it provided users to help tag photos. The lawsuit is ongoing. However, Instagram is now required to ask for permission to analyze Texans’ facial features to properly use facial filters.

“Google’s indiscriminate collection of the personal information of Texans, including very sensitive information like biometric identifiers, will not be tolerated. I will continue to fight Big Tech to ensure the privacy and security of all Texans.”

In 2009, Texas revealed its privacy law, which covered biometric identifiers. Other states were implementing similar laws around the country during this same time. Texas was unique in that in the case of violations, the state of Texas would have to sue on behalf of the consumers.

Tinder App

New Study Proves Popular Dating Apps Are Selling Your Data To Advertisers

One of the universal complaints that most have with technology, social media, cell phones, etc. is the lack of clarity regarding privacy. Certain apps and services often say that they keep your information confidential, but how much of that is actually accurate? How many times have you been scrolling through your Twitter feed and seen an ad for a product that you haven’t even searched for on your device, but you were thinking about it? The lines of confidentiality have always been blurred when it comes to our phones, and now, according to a new study, we have even more facts to back that up.

An advocacy group known as the Norwegian Consumer Council recently conducted a study in which they analyzed the logistics of 10 apps, a majority of which were dating apps. The results found that these applications alone were distributing personal information to at least 135 companies. 

Some of the apps tested included Grindr, a popular gay dating app, OkCupid, Tinder, and then beyond the realm of dating apps they also analyzed some of the most popular period-tracking apps such as Clue and MyDays. They concluded that these services were sharing personal data, including users’ birthdays, ID numbers, sexual orientations, religions, etc., with advertising companies. 

Embed from Getty Images

“Because of the scope of tests, size of the third parties that were observed receiving data, and popularity of the apps, we regard the findings from these tests to be representative of widespread practices,” the report states.

Their analytics concluded companies such as Amazon, Facebook, and Google were among the largest common company names that were receiving the personal data, along with more unknown tech companies who are in business with larger corporations. These companies use your information like a registry, and match you with products that they assume you’d enjoy based on your internet history, dating information, and hobbies. 

The NCC recently uncovered dozens of privacy violations in Europe once they enacted the General Data Protection Regulation (GDPR), an act that works to protect users’ personal information online. The biggest culprit was actually Grindr, which sold data including GPS location technology to advertisers to inform them about what retailers were within the vicinity of a particular user. The GDPR has been quite successful in Europe so far, but in the United States we don’t exactly have the same type of privacy regulations. 

Embed from Getty Images

“There’s no reason to think these apps and countless others like them behave any differently in the United States. American consumers are almost certainly subjected to the same invasions of privacy, especially considering there are hardly any data privacy laws in the U.S., particularly at the federal level,” says Katie McInnis, policy counsel at Consumer Reports.

More often than not, these apps do let the users know that they share their data with third party advertisers, however, that clarification is often made in the fine print of these apps’ terms and conditions, which we all know none of us are actually reading. Technology users are able to adjust their privacy settings on platforms such as Facebook and Google by limiting what applications are allowed to have access to our personal information. This section is typically found in your account settings under the “security and privacy” tab. In the meantime, plenty of advocacy groups are currently trying to work with the Federal Trade Commission and Congress in general to pass more specified cyber-security/privacy laws.

For more information on how to easily protect your information and personal data from third parties, click here.

Laptop Google Search

Whistle Blower Posts Video of ‘Project Nightingale’ Leaving Google to Face Investigation

A video posted on social media by a whistleblower that Google has been working with Ascension, the second largest healthcare provider in the country, on a secret project has been met with growing concern.

According to the whistleblower, Project Nightingale has been secretly transferring the personal medical data of up to 50 million Americans from Ascension to Google, without their permission.

The secret project has seen healthcare data being transferred to Google without being de-indentified, meaning the full personal details including names and medical history are available to be accessed by Google staff.

The whistleblower also shares the news that by the time the full transfer has been completed – around March next year – over 50 million patients across 21 states will have had their personal data sent across to Google, without informing any of the patients or doctors involved.

As well as names, lab results, medical diagnoses and hospitalization records, notes from a private meeting between Ascension employees involved in the project were also shared. In the document concerns about the way Google would use the personal information were raised, including building new artificial intelligence.

The meeting also raised security fears such as the transfer being in breach of federal HIPAA rules on data privacy, questions that Google have not answered as yet.

Embed from Getty Images

With over 2,600 medical facilities including clinics and hospitals, Ascension – a Catholic network – is believed to be conducting the biggest data transfer so far in the healthcare field. But this isn’t the first partnership that Google has entered into albeit their other partnerships have been on a smaller scale, including the Colorado Center for Personalized Medicine. However the data was encrypted with only the medical center able to access the data.

Although the identity of the whistleblower is not known it is understood they are one of around 300 employees working on Project Nightingale, with roughly a fifty per cent split between Google and Ascension. The Wall Street Journal originally broke the story on Monday 11th November and the data transfer deal was formally signed only hours later.

The whistleblower decided to go public due to the widespread anxiety throughout the project’s employees with many worried about the way in which Google was able to access millions of patients personal data.

“Most Americans would feel uncomfortable if they knew their data was being haphazardly transferred to Google without proper safeguards and security in place. This is a totally new way of doing things. Do you want your most personal information transferred to Google? I think a lot of people would say no.”

The concerns about so much information, that is potentially very valuable, being collated by just one company has also been mentioned with the possibility that Google could use its own AI analytics to work out medical diagnoses for patients.

“In the future, such risks are only likely to grow. This is the last frontier of extremely sensitive data that needs to be protected.”

Embed from Getty Images

Surprisingly this is not the first time Google has seen itself in trouble thanks to their plans to become the leading figure in healthcare analytics and data. Only a few years ago in 2017 1.6 million patient records were transferred from the Royal Free Hospital in London, England to Google’s artificial intelligence division with the UK’s watchdog on data declaring Deep Mind Health to have an ‘inappropriate legal basis’.

Like all companies Google, and more specifically their parent company Alphabet, has ambitions. Alphabet has made no secret that they wish to develop new AI tools to predict health patterns, meaning they can improve treatment. Google are also keen to expand into the digital health market and recently announced plans to buy fitness company Fitbit for $2.1billion.

After the disclosure of Project Nightingale both Ascension and Google have released statements confirming they are keeping in line with all HIPAA and federal health laws, stating that all patient data collected is ‘protected’.

A recent interview by Google Cloud in the Wall Street Journal declared that Google were working towards “ultimately improving outcomes, reducing costs, and saving lives.” Ascension also stated “all work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling.”

However, those watching the whistleblower’s video can see that this is something they definitely do not agree with. Annotations appear over the documents suggesting Google are wanting to share or even sell the information to third parties, or even create profiles which can be used to advertise healthcare products.

The whistleblower says ‘Patients haven’t been told how Ascension is using their data and have not consented to their data being transferred to the cloud or being used by Google. At the very least patients should be told and be able to opt in or opt out.’

What happens next remains to be seen but with companies compiling databases of personal information like these, it is no wonder the US Department of Health has launched an investigation.