Google is very interested in your shopping habits – so much that the tech giant is collecting and saving your purchase history.
The company has been quietly keeping track of your online (and sometimes, offline) purchases for years, according to a recent report from CNBC.
In that report, writer Todd Haselton explains that he was looking around in his Google account and found something alarming:
But because the digital receipts went to my Gmail account, Google has a list of info about my buying habits.
Google even knows about things I long forgot I’d purchased, like dress shoes I bought inside a Macy’s store on Sept. 14, 2015. It also knows:
- I ordered a Philly cheesesteak on a hoagie roll with Cheez Whiz and banana peppers on Jan. 14, 2016.
- I reloaded my Starbucks card in November 2014.
- I bought a new Kindle on Dec. 18, 2013, from Amazon.
- I bought “Solo: A Star Wars Story” from iTunes on Sept. 14, 2018.
And so on. (source)
I decided to check my own Purchases page to see what kind of data Google has been collecting there and found this:
My purchase history goes back to October 2014 (!) but I decided not to share it all here in the interest of saving space (and sparing myself some embarrassment). I blacked out three personal items for, well, privacy reasons – as if privacy is even a thing these days.
I don’t shop online very often, I rarely opt-in to receiving email receipts, and I usually pay with cash when I shop or go out to eat, so I suspect that is why there isn’t much in my purchase history. Nonetheless, I find this disturbing, as someone who is becoming increasingly annoyed by the growing barrage of privacy invasions we all face.
Sorry. No data so far.
For some, however, Google’s collection of purchase data could be quite embarrassing, as Bryan Clark explains in an article for TNW:
My girlfriend’s purchase history is a lot more interesting — our Amazon account is linked to her Gmail address. It’s there that Google could potentially find some intimate details, if it so chose. Not in our case, of course, as we’re both supremely boring individuals. But generally speaking this purchase data could reveal a lot about a person. It could point to an affair, for example (hotel receipts, clothing or gifts never given to a spouse), or let the cat out of the bag on an unannounced pregnancy. Google’s ledger, and the data within it, could track everything from mental illness to a woman’s menstrual cycle, all based on purchase data. (source)
If you’d like to see your own Purchases page, go here: http://myaccount.google.com/purchases.
Google won’t say why it is collecting purchase data or how long it has been doing so.
Google claims to care a great deal about privacy (ironically, at the top of the Purchases page, there is a note that says “Only you can see your purchases. Google protects your privacy and security. Find out more“), but the company sure is collecting an awful lot of data on folks, and is being pretty damn secretive about it.
CNBC reached out to Google to ask about purchase tracking. Here’s what a spokesperson told them:
“To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you. You can delete this information at any time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page.” (source)
How long has Google been collecting purchase data? I can’t find an exact answer to that question, but it appears to be at least 9 years. In an article for The Verge, Nick Statt wrote:
Because I made my Gmail account nearly a decade ago, my purchase history stretches back as far as 2010, including purchases I made while I was a college student and those through Apple’s App Store, which has been linked to my Gmail account since its inception. It also includes some real-world transactions made using my credit card, thanks to point-of-sale software providers like Square and others that link your credit card number and name to an associated email account to deliver receipts, offer rewards programs, and, in some cases, collect valuable purchase data. (source)
Clark makes some additional (and disturbing) points:
Google has also proven unwilling to tell us how long this feature has existed, or why it’s logging offline purchases using certain point-of-sale terminals, like Square — meaning, it’s not just tracking purchases made online — but not others.
Before we jump to conclusions, however, it’s important to note that Google said back in 2017 that it would stop using collected Gmail data to serve personalized advertisements to its users. What’s troubling though, is that it might no longer need to. A 2018 Bloomberg report revealed that Google and Mastercard had reached a deal that would pay the latter millions for coughing up purchase data on its card holders. Google itself claims to have access to the purchase data of “approximately 70 percent” of US credit or debit card holders.
Regardless of how Google is using the data, if it’s using the data, the idea that this kind of ledger exists should be enough to give shoppers pause. (source)
Google says it doesn’t use your Gmail to show you ads and promises it “does not sell your personal information, which includes your Gmail and Google Account information,” and does “not share your personal information with advertisers, unless you have asked us to.”
Why, then, is the company collecting all this data?
Google wants us to believe this purchase tracking feature is for our benefit if we are to believe the explanation the company spokesperson provided to CNBC.
I am not buying it. Are you? If the company is providing this feature as a benefit to Google users, why not notify us that it exists?
We have plenty of reasons to distrust Google with our private data.
Google doesn’t exactly have a reputation for being upfront about data mining, as Statt points out:
This particular tool is not outright nefarious in an obvious way, but it does highlight Google’s struggle to transparently communicate its privacy policies and ad-tracking methods as Silicon Valley at large grapples with a more sensitive atmosphere around data privacy and security. The idea that this tool, and the technology to collect and present the data it provides, has existed quietly without a majority of Gmail users aware it exists echoes similar issues Google has faced over the last few years.
Those include a controversy over third-party app developers pulling data from the contents of Gmail messages, an auto-login feature for Chrome that would sync web browsing with your Gmail account, and reports that Google supplemented its ad-targeting tools with Mastercard purchase history data to provide advertisers a link between online ad impressions and real-world purchases. All of these situations contribute to a common theme: Google offers users a compromise that involves trading products and web services in exchange for data that the company will collect through a variety of means you may not know about and have little to no control over. That data is then used to help Google target ads, a division of its business that’s largely responsible for it becoming one of the most valuable corporations on Earth. (source)
Earlier this year, it was revealed that Google’s Nest Secure home security and alarm system has an embedded microphone system that the company conveniently failed to disclose to users. And, late last year, it was revealed that the Google app tracks users and sells their information.
Cybersecurity experts are expressing concern over the data collection.
David Shipley, CEO of Beauceron Security, told CBC he has three worries when it comes to Google tracking purchases: consent, the potential for abuse, and the amount of power that tech companies continue to collect:
“When people signed up for GMail years ago, Google never said that someday they’re going to do a super-creepy project where they’re going to collect all your receipts,” Shipley said.
Shipley said people should have been able to choose whether they wanted Google to collect their purchasing information in the first place.
“That’s the core of privacy and maintaining our digital rights online.”
He said the feature threatens people’s right to privacy online and offers an easy way for people to take advantage of others online.
“From an attackers standpoint, if they can hack into your GMail account, they now know where you buy from, and so they can now send scams and targeted attacks specifically to products and services you bought in the past,” Shipley said to CBC’s Shift.
“It is, from an information, privacy and control standpoint, absolutely staggering to realize just how far into everyone’s life Google reaches … If you’re using the web, you’re touching Google at some point in your day.” (source)
It is very difficult to delete your purchase history.
Haselton tried to delete his purchase history and had no luck:
But there isn’t an easy way to remove all of this. You can delete all the receipts in your Gmail inbox and archived messages. But, if you’re like me, you might save receipts in Gmail in case you need them later for returns. There is no way to delete them from Purchases without also deleting them from Gmail — when you click on the “Delete” option in Purchases, it simply guides you back to the Gmail message.
Google’s privacy page says that only you can view your purchases. But it says “Information aboutyour orders may also be saved with your activity in other Google services ” and that you can see and delete this information on a separate “My Activity” page.
Except you can’t. Google’s activity controls page doesn’t give you any ability to manage the data it stores on Purchases.
Google told CNBC you can turn off the tracking entirely, but you have to go to another page for search setting preferences. However, when CNBC tried this, it didn’t work — there was no such option to fully turn off the tracking. It’s weird this isn’t front and center on Google’s new privacy pages or even in Google’s privacy checkup feature. (source)
According to CNET, here is how to delete your purchase data:
To delete something, you can click on a purchase, which will bring up an itemized list of everything you bought in that transaction. You can then click the “i” button for information, and then on “where’s this from?”
Google will tell you if the purchase was found in your Gmail, after which you can either click “got it” or “view email.” You’ll then be taken to your Gmail account, the email will load, and you can delete it entirely.
Only then will the transaction disappear from your purchase history. (source)
What do you think?
Will you check to see if your data is being collected on a Google Purchases page? Are there things you do to protect yourself from this sort of data collection? Please share your thoughts and ideas in the comments.
Dagny Taggart is the pseudonym of an experienced journalist who needs to maintain anonymity to keep her job in the public eye. Dagny is non-partisan and aims to expose the half-truths, misrepresentations, and blatant lies of the MSM.
Your Daily Briefing:
Fight Online Censorship!
Get the news Google and Facebook don't want you to see: Sign up for DC Dirty Laundry's daily briefing and do your own thinking!