If there is indeed such an identifier, enabled by default its pretty obvious that its technically possible to track a user. And with all the other data Google has, they also can link to the actual identity pretty easily.
Apple provides the exact same API - https://developer.apple.com/documentation/adsupport/asidenti... although IIRC it manages it better (users can revoke it, but it's on by default). I wonder why Google is singled out here though - if Apple is also mining our data, they should also be on the hook.
I wonder if all other OS vendors could be fined as well because the OSes are full of tracking identifiers - device MACs, device install identifiers, serial numbers, etc. There's plenty of apps out there that use those identifiers to track user behaviour.
why can't google train a neural net on each person they've gathered data on and track them using a custom model?
Have you confirmed that the click through agreements and privacy policies don't mention anything like this?
He has a legal background, and has fought a number of high-profile privacy cases in Europe.
The day the GDPR came into effect, he filed violations complaints against Facebook and Google in four different jurisdictions. He's a spearhead figure in this regard.
When people do this it comes across as malicious harassment rather than a genuine legal complaint for harm caused. Why so many jurisdictions, and why on the very day it came into effect?
He has any right to use all existing laws to file complaints. When a new law is being introduced it should be followed immediately, especially when it impacts the lives of many. Would you argue that a speeding ticket is harassment when the fines were raised just the day before? No, you wouldn't because that would be ridiculous.
Legal harassment is an issue when individual citizens and small businesses are targeted with frivolous lawsuits clearly intended to burn as much of their time and money as possible.
This is not the case here. Google and Facebook deserve every privacy lawsuit they get. They have the resources to deal with it too.
The very day should be obvious: because these companies had two years to prepare for and become compliant with the GDPR.
This wasn't Facebook et al. saying "oh no, we need more time please'. This was them saying "we made up our mind on the implementation; if you disagree, we'll let a judge decide."
No idea about the jurisdictions, but I'd expect there to be good reasons, too. He's an activist, but I never perceived him as an over-the-top "in-your-face" activist. On the contrary.
Nobody know how to change it or turn it off. That means a lot of developers and advertisers assume it is actually a good way to track users. So if you go in and reset/disable it, you'll be in such a small minority that you'd become an edge case and they'd lose the historical data on you.
Obviously this isn't true 100% of the time but if it didn't exist then advertisers would use a hardware fingerprint probably, which is a lot harder to spoof
As a denizen of statistics and technology, fooey with non-anonymized identifier bits outside of bug reports. We have ways of making data speak. We genuinely rarely care the specific record identifier.
Why? Not trying to be snarky, just genuinely curious, I'd expect that those people would generally be less susceptible to advertising.
I'd be surprised if they didn't.
