
ACCC alleges Google misled consumers about expanded use of personal data - Khaine
https://www.accc.gov.au/media-release/accc-alleges-google-misled-consumers-about-expanded-use-of-personal-data
======
dannyw
FYI, the ACCC has successfully won victories against Steam refusing to provide
refunds for faulty games. Just because it's a digital product doesn't mean you
don't have consumer rights.

If you buy a physical good and it doesn't work towards its described
specifications, you deserve a refund.

If you buy a digital good and you meet the system requirements but it doesn't
work, you deserve a refund.

~~~
judge2020
I think the steam problem was a store vs publisher issue. When No Man's Sky
first released, you couldn't refund if you had played for more than 2 hours
even though it was a faulty game. After the bad press spread, Steam stepped in
and accepted refunds far past the 2 hour 'time played' requirement [0]. If
Gamestop sells a faulty or unfinished game by EA (like Anthem), should
Gamestop be obligated to refund you or should they ask the publisher if they
want to refund the customer since the publisher might promise better future
stability?

0: [https://bgr.com/2016/08/29/no-mans-sky-refund-steam-pc-ps4-support-ticket/](https://bgr.com/2016/08/29/no-mans-sky-refund-steam-pc-ps4-support-ticket/)

~~~
jlawer
Australian Consumer Law has many provisions based on the fact that many
companies are not always able to be fully sued in Australia. In order to
prevent this the end retailer is responsible for ensuring consumer rights. Of
course the expectation is that the final retailer then claims against their
distributor who then claims against the manufacturer / publisher.

However this has been a problem with some digital marketplaces as they entered
the Australian market. For tax reasons many products were sold via an Irish or
Singaporean subsidiary and thus tried to avoid taxation on the sales (even
some were selling in $AU from these offshore locations). As these loopholes
were closed many companies essentially accepted they had Australian presences
(mostly due to the changes around tax). However Australia has some fairly
strong consumer protections (at least on paper), fairly broad statutes (terms
like "reasonable durability" and "fit for purpose") and a fairly active
consumer rights defender (ACCC) and many organisations have avoided
Furthermore consumer rights cannot be removed via EULA agreements and such.
Many organisations didn't change their systems for Australia as they were
"mostly" compliant, and considered that digital goods were "New" and
"Different" from the rules that affected physical products and retail
operators.

So under Australian Law.... yes. Gamestop (or more likely EB games in
Australia) is liable for the refund. However they can then turn to their
suppliers and sue them for breach of contract for supplying defective
products. It is reasonable Future stability doesn't come into it, as the
product was sold misleadingly. EB Games has already been taken to task over
this for Fallout 76 and trying to claim people aren't entitled to a refund.

0: [https://www.accc.gov.au/media-release/eb-games-undertakes-to-refund-consumers-for-the-fallout-76-game](https://www.accc.gov.au/media-release/eb-games-undertakes-to-refund-consumers-for-the-fallout-76-game)

~~~
chris_wot
_Many organisations didn't change their systems for Australia as they were "mostly" compliant, and considered that digital goods were "New" and "Different" from the rules that affected physical products and retail operators._

And their arrogance cost them dearly.

------
jb775
> _The ACCC considers that consumers effectively pay for Google’s services
> with their data, so this change introduced by Google increased the “price”
> of Google’s services_

It's interesting to think about a privacy policy tweak as a "price increase".
I wonder if data will become regulated to the point where monetary value is
transferred away from large companies and towards individual users so
countries can tax their citizens on it.

~~~
hnick
It seems to be an extension of the idea of Consideration in contract law. That
makes sense to me. You can't change the agreement to extract more value
without giving something back in return.

~~~
judge2020
Simple: increase free Drive space by 500MB, or even 1MB, each time it's
updated.

------
trishmapow2
Original link is now access denied, ACCC have posted a correction that fixes
an example they used:
[https://www.accc.gov.au/media-release/correction-accc-alleges-google-misled-consumers-about-expanded-use-of-personal-data-0](https://www.accc.gov.au/media-release/correction-accc-alleges-google-misled-consumers-about-expanded-use-of-personal-data-0)

------
akdor1154
The ACCC makes me proud to be Australian.

~~~
jiggawatts
For non-aussie readers of YC News, the ACCC is an Australian federal
government department that represents the consumer interests of the citizens.

This is a particularly important function in cases where there is significant
asymmetry in transactions, as is typical with large corporations versus many
customers making small purchases.

In a scenario like that, a defrauded consumer has essentially no recourse, as
nobody is willing to take a minor matter to court. Even if they do, they'll
face an army of lawyers that will certainly drag out the proceedings until it's
Just Not Worth It for the angry consumer. Class action lawsuits, the type
popular in the United States, are a joke, serving only to enrich lawyers.

In Australia, the ACCC sues or directly penalises corporations on the behalf
of consumers. They enforce laws related to things like warranty returns.

They have a reputation for coming down like a ton of bricks on misbehaving
businesses, with eye-watering fines for even minor things like putting up an
invalid "no returns" policy sign at the cash register.

As a consequence of ACCC's actions, consumer confidence is increased, so
people spend more, boosting the overall business activity in Australia.
Companies that behave have everything to gain and nothing to fear. Companies
that try to rip off consumers are eliminated from the market, so that they
can't unfairly compete with law-abiding companies by dropping prices to levels
where legitimate behaviour is unsustainable.

An anecdote: A local computer parts store refused to refund my $500 for a new
GPU that was faulty. I told them that this was illegal, and they're running
the risk of an ACCC fine. They just laughed at me. I did nothing about it, and
jumped through the hoops to return the card to the manufacturer instead.
Someone else must have reported them for their behaviour, and next time I was
there I noticed a prominent sign at the cash register saying that they've been
fined by the ACCC $750,000 and that they had to display this sign to notify
customers of their rights. For a local, small business retailer this is a
brutal fine, but they're still around and now they provide instant refunds for
DoA parts without argument! Plus, the look on the face of the manager who
refused my warranty claim was priceless. The system works.

~~~
9nGQluzmnq3M
Two ACCC decisions that the rest of the world would do well to copy: merchants
are allowed to pass on credit card fees to the customer, but the fee charged
has to be reasonably in line with the actual cost:

[https://www.accc.gov.au/business/pricing-surcharging/payment-surcharges/qa-payment-surcharges](https://www.accc.gov.au/business/pricing-surcharging/payment-surcharges/qa-payment-surcharges)

The first part had Visa/MC howling (because they're normally insistent that
merchants hide their fee) and the second pissed off airlines, hotels etc that
loved to tack on high fixed charges as payment fees, but in both cases
consumers are obviously the winners.

~~~
bash-j
Also car advertisements have to show the actual drive away price including all
extra fees and taxes. If you advertise anything on TV, you can't get away with
putting small print in the commercial that changes what a customer would be
getting for the price displayed, e.g. unlimited internet. You can't reasonably
expect a customer to pause the tv, get off the couch and get up close to be
able to read the small print, only to discover that speeds would be capped
after a certain amount of usage.

~~~
hnick
Drip pricing is very similar and also illegal: the dark pattern of letting
someone get all the way through a checkout process and then springing an extra
expected (by the merchant, not the consumer) fee or charge on them in the hope
that the sunk cost fallacy wins the day.

[https://www.accc.gov.au/consumers/online-shopping/drip-pricing](https://www.accc.gov.au/consumers/online-shopping/drip-pricing)

~~~
hansvm
Unrelated to your overall point, that isn't necessarily fallacious reasoning.
If most checkout processes in a niche are excessively long (free background
check services come to mind) then the customer is choosing to spend extra
money now in order to avoid spending extra time with an alternative.

~~~
hnick
In this case the sunk cost is time, the extra cost is money. So I think it
kind of applies. They've just gone with a dual-currency system like predatory
mobile games ;)

But I see your point, they're not necessarily overvaluing the time they've
already spent, they're trying to avoid doing it all over again.

------
mark_l_watson
Google acted inappropriately and in my opinion deserves the kind of punishment
that is severe enough to curtail stuff like this.

That said, Facebook and other companies are just as bad.

~~~
prox
What really bugs me is that there is really no opt out. You can ONLY click “I
agree”, or don’t use it. So I don’t.

~~~
judge2020
That is the opt-out. They provide services in exchange for you clicking 'i
agree'; if they can't generate value from your use of a service, they don't
want to be obligated to lose money by providing you some service for free.

The only problem is how consumers don't read the privacy policy and/or don't
understand how valuable their data is to these companies.

~~~
inetknght
That's only part of the problem. The other part is locking away all of your
data - emails, files, contacts, calendar, apps - if you don't want to agree to
a change to the policy. Own an Android phone? Good luck opting out of a change
to the agreement!

~~~
sukilot
Data isn't locked away. Only apps are.

~~~
ocdtrekkie
Whilst Takeout is a thing, most of the data you'll get isn't in a form that's
reasonably useful on its own. You need to be a programmer to extract value
out of a Google Takeout dump in a lot of cases. (I am sad more open source
projects don't prioritize an "import from Takeout"-type feature.)

------
gundmc
I'll be interested to see how this plays out. The ACCC media release might
make it sound worse than it was.

In the included screenshots, there is clearly text that explains in pretty
plain English. They left these parts out of the media release itself.

> ... With this change, this setting may also include browsing data from
> Chrome and activity from websites and apps that partner with Google,
> including those that show ads from Google.

> ...In My Account, the Ads Personalization setting currently allows Google to
> use data in your account to tailor ads that appear on Google products. With
> this change, this setting will also allow Google to use data in your account
> to tailor ads on websites and apps that partner with Google.

It's a lot to process in a pop-up that forces a user to make an instant
decision, and the lack of an opt out without clicking through to "More
Options" is shady, but it does feel like a pretty good layman's explanation of
what they were going to do.

~~~
shakna
> It's a lot to process in a pop-up that forces a user to make an instant
> decision

Part of informed consent in Australia is "can freely make decisions without
unfair pressure or influence from others." This kind of instant decision, and
the following opt-in, don't fit within that requirement.

> but it does feel like a pretty good layman's explanation of what they were
> going to do.

It doesn't include the detail required by Australian law.

> may also include browsing data from Chrome and activity from websites and
> apps that partner with Google, including those that show ads from Google.

This is not enough. You cannot simply specify any arbitrary third party.

You cannot simply say "browsing data", but have to specify what it is that
you're grabbing. You have to say that you're grabbing IP ranges, headers,
screen sizes, etc.

~~~
nl
> It doesn't include the detail required by Australian law...

> You cannot simply say "browsing data", but have to specify what it is that
> you're grabbing. You have to say that you're grabbing IP ranges, headers,
> screen sizes, etc.

What specifically? I'm Australian and I'm not aware of any law that specifies
anything like that at all.

> This is not enough. You cannot simply specify any arbitrary third party.

That's clearly not true. Amongst others, credit companies in Australia do this
frequently and haven't had issues with the ACCC over it.

~~~
shakna
> That's clearly not true. Amongst others, credit companies in Australia do
> this frequently and haven't had issues with the ACCC over it.

They don't list _arbitrary_ third parties. For example, Mastercard tells
everyone "MasterCard requires members to register all Third Party Processors
(TPPs) and Data Storage Entities (DSEs) with the MasterCard Registration
Program system.", and then all of those are available for the public, usually
via a link, within their policy.

> What specifically? I'm Australian and I'm not aware of any law that
> specifies anything like that at all.

Enough information that informed consent can be considered. It isn't
specified, because if it were, then companies would work around it. Australia
makes use of a Common Law system, that which is "reasonable", rather than that
which can be litigated.

~~~
nl
> They don't list _arbitrary_ third parties. For example, Mastercard tells
> everyone...

Not sure if you mean Google or Mastercard doesn't list third parties?

You seem to be conflating Mastercard's PCI compliance requirements[1] with
their data sales to companies like Equifax[2] and others, which is an
extremely opaque trade and not disclosed.

> Enough information that informed consent can be considered. It isn't
> specified, because if it were, then companies would work around it. Australia
> makes use of a Common Law system, that which is "reasonable", rather than
> that which can be litigated.

Exactly, and I don't believe that any court would find that they need to
specify "that you're grabbing IP ranges, headers, screen sizes, etc". I'd note
that the ACCC isn't making that claim either.

> that which is "reasonable", rather than that which can be litigated

Well "reasonable" is decided by the courts, so it is litigated.

[1] [https://www.mastercard.com.au/en-au/merchants/safety-security/security-recommendations/service-providers-need-to-know.html](https://www.mastercard.com.au/en-au/merchants/safety-security/security-recommendations/service-providers-need-to-know.html)

[2] [https://www.equifax.com.au/about-us](https://www.equifax.com.au/about-us)

------
zmmmmm
Honestly, while this change was controversial, it was very well publicised and
displayed to users at the time. I think it is quite a hard case to prove that
users were misinformed - if it does hold up, it'll create quite an
interesting precedent where even executing a change like that with complete
explicit opt-in isn't enough to keep you in the clear. It might have the
perverse effect of making companies pre-load every evil thing they can ever
think of doing into their initial terms of use because it is interpreted as
impossible to post-opt-in a normal person in a reasonable manner.

~~~
chris_wot
The previous privacy policy stated they would get the end user's consent for
anything that would reduce their privacy. They did not do this.

------
phjesusthatguy3
@dang story is no longer accessible; updated link in
[https://news.ycombinator.com/item?id=23964132](https://news.ycombinator.com/item?id=23964132)

------
nl
This is interesting. The allegation is that Google didn't properly notify
users about combining Doubleclick and other Google data.

Google did run a popup notification about the change, but:

 _The ACCC alleges that the “I agree” notification was misleading, because
consumers could not have properly understood the changes Google was making nor
how their data would be used, and so did not - and could not - give informed
consent._

It's not exactly clear what the ACCC is saying here? Is it that Google didn't
explain it enough, or is it that no amount of explanation is enough because
users "could not give informed consent"?

~~~
Khaine
From the ACCC website

“I agree” notification

The conduct is alleged to have impacted millions of Australians with Google
accounts.

From 28 June 2016 until at least December 2018, Google account holders were
prompted to click “I agree” to a pop-up notification from Google that
purported to explain how it planned to combine their data, and sought the
consumers’ consent for this.

    
    
      Some new features for your Google Account
    
      We’ve introduced some optional features for your account, giving you more control over the data Google collects and how it’s used, while allowing Google to show you more relevant ads.
    

The notification also stated, “More information will be available in your
Google Account making it easier for you to review and control”; and “Google
will use this information to make ads across the web more relevant for you.”

Not sure how you can provide informed consent, when the notification is so
vague.

~~~
nl
If you scroll down they include screenshots, which have diagrams including how
the data flows, and additional text. It's quite a lot of information.

Hard to know what the appropriate level here is, but Google sure did a lot
more than just saying what the text said.

