Google Inc's privacy practices are drawing heat after an Australian software developer said the company was providing him with personal information, including email addresses, of everyone who purchased his mobile app.
The information that Google shared, which included customers' full names, email and some postal code information, was not the result of a glitch with its software. Rather it appears to be in accordance with Google's existing policies for its app store and its Google Wallet payment service - though some privacy advocates believe Google has not been clear enough in informing consumers about the practice.
Google has "buried" the notice about how it shares users' personal information in fine print rather than obtain the express consent of users, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
"Meaningful consent is about people understanding what they're getting into. It's about not tricking them," said Rotenberg. "In a situation like this, where people just don't know what information is being transferred or who it's going to or for what purpose, it seems ridiculous to say that Google has consent."
The episode represents the latest privacy flare-up for Google, the world's No.1 search engine. In August, Google agreed to pay a $22.5 million fine to settle charges that it bypassed the privacy settings of customers using Apple Inc's Safari browser. Google also settled a privacy investigation by the Federal Trade Commission 2011 related to its rollout of the now-defunct Buzz social networking service.
Other Web companies, including Facebook Inc, have also drawn scrutiny over their privacy practices and entered into settlements with regulators.
Google said in an emailed statement that "Google Wallet shares the information needed to process transactions, and this is clearly stated in the Google Wallet Privacy Notice."
EPIC's Rotenberg said he believed that Google may be violating its 2011 settlement with the FTC.
Developer Dan Nolan broke the issue online in a blog post on Tuesday: "This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it's made crystal clear to them that I'm getting this information."
Nolan's app, which automatically generates insults in the style of a well-known Australian politician, has been a best-seller on Apple Inc iPhone. Nolan recently released a version of the app for smartphones that rely on Google's Android operating system.
He told Reuters that Google acts as a marketplace when an app is purchased, hence the transactions occur directly between developer and the purchaser.
"The way the system is designed, it (the information) is not what a user would expect to hand over," said Nolan. "If you buy something on the iOS app store, you purchase it off Apple, and they pass the money to the developer."
The Google Wallet privacy notice states that Google will share users' personal information with other companies "as necessary to process your transaction and maintain your account."
That's different than the way Apple's App Store works. According to an Apple spokesman, the company only shares general information about the number of downloads with third-party app developers. Apple does not pass along personal information, such as email, except with publications available through its Newsstand store, if customers agree to it.
Barry Schwartz, an app developer and editor for the online blog Marketing Land, said he was pleased with Google's policy of passing along customer information to developers, since it made it easier for developers to directly handle customer service issues, such as refunds.
"I want to be able to service my customers, and yes, they are my customers, not Google's and not Apple's customers. They download our products," Schwartz wrote.
But Joel Reidenberg, Director of the Center on Law and Information Policy at Fordham University School of Law, said Google and other online and mobile services needed to be more transparent about what personal information was being shared with third-party firms.
"When you buy an app, you could have a pop-up that tells you this is the information that's going to the app developer," he said.