There was an Associated Press (AP) report recently that noted Google applications track your location, even if you’re turned off Location History on your Android phone. The article has details about what the AP noted, as well as the report from some researchers that were testing the functionality. You can read the details, but the issue doesn’t seem to be as simple as the headline of the report.
Google has responded to the claims, saying that they document and explain the various settings that need to be changed in the applications themselves to prevent any tracking. That might be the case in the eyes of the engineers that built the functionality, but I would tend to argue that the expectations, the descriptions, and explanations we use as technology professionals might not be clear enough for most users. We ought to be documenting, explaining, and even coding systems for users that aren’t as familiar as we are with the technology.
This is an interesting issue. Not the location tracking, since I assume Apple, Google, government, and more can track my phone if they really want. To me, the issue is that we have data practices that are not clear to the end user. What Google documents, what they do with new services and features, and what the clients expect are not necessarily the same. That’s an issue, and I suspect it’s a similar issue for many companies.
Most of us collect some level of detail from our software on how the user interacts with it. This might be a local log, or it might be some sort of telemetry, similar to what Microsoft collects from SQL Server. In either case, I think it’s important to spell out what data is being collected and to what extent this data is related to a specific individual or company. The changes to data handling as a result of the GDPR and other legislation might require that we do a better job of disclosing any data we collect, and in which specific circumstances.
I know that data matters, but I also think that lots of the information that is collected doesn’t need to be related to a specific individual. Aggregates or tokenized data is often enough, though if you need to track a particular individual over time, such as the features they use in their install, be sure that you are very careful with any sensitive data, such as names, locations, etc. Most of us don’t have Google’s resources to combat legal action if customers find we are infringing on their privacy.