Google is downplaying concerns about the privacy implications of an analysis tool—powered with data from MasterCard—that lets advertisers know how well their online ads are doing in driving sales in physical stores.
Google announced the 'Store Sales Measurement' tool last year describing it as a technology that would let advertisers’ link online ads with purchases that consumers make offline in brick-and-mortar stores.
But the company's relationship with MasterCard was not publicly known till last week when Bloomberg published an investigative report Aug. 30 disclosing how the two companies had reached a secret deal after four years of discussions.
The arrangement gives Google access to certain data on purchases that consumers have made using MasterCard branded credit and debit cards in the U.S.
According to Bloomberg, the data that Google purchases from MasterCard allows the company to know how many individuals that clicked on an online ad later ended up purchasing the item in a brick-and-mortar store so advertisers can better measure the effectiveness of their online ads.
While the new feature has proved beneficial for Google and advertisers so far, there are some broad concerns over the privacy implications of linking a consumer's online behavior with their offline purchases. Bloomberg quoted the counsel for consumer advocacy group Electronic Privacy Information Center (EPIC) as saying consumers don't expect what they buy physically to be tracked and linked to their online activity.
"Google is continually pushing the boundaries of collection, analysis and use of our information, including geo-location [data]," says Jeffrey Chester, executive director of the Center for Digital Democracy, a frequent and long-time critic of Google's privacy practices. "The Google, MasterCard deal is a new nightmare for how little our privacy is now protected in the U.S."
In a statement Google this week reiterated many of the claims it made last year when it first announced the tool.
"Before we launched this beta product last year, we built a new, double-blind encryption technology that prevents both Google and our partners from viewing our respective users’ personally identifiable information," the company claimed.
Google does not collect or have any access to personal information from credit and debit card data. Neither does it have any insight into the purchases that individuals make or the amount they might have spent in a physical store location. Google only learns of the aggregate value of purchases related to a specific product over multiple purchases.
For example the company noted that an ad campaign with 10,000 clicks, Google might learn that 12 percent of the people who clicked on the ad made a purchase. The advertiser does not learn which individual users clicked on their ads—they only get the aggregate value of sales driven by their ad campaign.
The company has also maintained that all of the data that it receives from MasterCard and other third parties is encrypted so it cannot identify individuals who make purchases. The company contends that it only uses data that users have agreed can be linked with their Internet activity and that users can withdraw their consent at any time.
But some privacy groups including EPIC have challenged these claims. In a complaint filed with the U.S. Federal Trade Commission last July the EPIC said Google's claims about preserving consumer privacy with regard to the in-store sales measurement program needs to be independently verified.
Google's reliance on a proprietary and secret algorithm for protecting consumer privacy, and its use of an opaque opt-out facility are unfair and deceptive to consumers, EPIC has claimed.