Google Wallet update upsets privacy advocate

Interface changes to the Google Wallet Merchant Center stir privacy violation complaints, but Google insists it's done nothing wrong.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
3 min read
Compare the old Google Checkout interface on the right to the new Google Wallet branding on the left. The changes have raised privacy concerns for one watchdog group. (Click to view larger version of the image.) DroidLife

Google's update to an e-commerce tool used by vendors to manage sales is merely for show, charges a consumer advocacy group, which adds that the company should be more clear about its privacy policies.

The update, used in conjunction with Google Play and other services, displays less of a customer's personal information to the vendor than the previous iteration, reports the Android-watching blog DroidLife. The update to the e-commerce tool is rolling out to vendors now and over the next few weeks. But consumer advocacy site Consumer Watchdog says Google's move is not an "actual" change, and it's demanding more privacy policy accountability from Google.

John Simpson, Privacy Project director at Consumer Watchdog, described his organization's complaints from February and March (PDF 1, | PDF 2) filed with the U.S. Federal Trade Commission and the California Attorney General's office about the Google Merchant Center to CNET. "Google was passing on the name, address, and e-mail address of the app buyer. We alleged that it violated policy law and the Buzz agreement," the 2011 deal the company struck with the FTC over privacy violations in Google Buzz that led to Google developing a more comprehensive privacy policy.

At the time, the Electronic Privacy Information Center called the 20-year consent agreement "the most significant privacy decision" by the FTC. Simpson predicted that Google could face billions of dollars of fines stemming from the new alleged privacy violations.

In examining screenshots taken by DroidLife, it's clear that Google has changed what information is immediately visible to its e-commerce vendors. Under the old Google Checkout Merchant Center, a customer's e-mail address, first and last name, and physical address were readily available. As the new Google Wallet Merchant Center branding shows, though, that information is not available by default.

A Google spokesperson explained in an e-mail to CNET, "This isn't a change to policy. As part of the rollout of the new Merchant Center, we are experimenting with the display of customer information, which is more of a user interface change." Google Wallet's privacy policy states that it only shares your information "as permitted," by the company's overarching privacy policy; as necessary to process transactions and maintain accounts; and to complete registration for services provided by third parties. It was last updated on August 1, 2012.

Consumer Watchdog's complaints stem from an incident in February when an Australian developer of a popular app expressed surprise at how much personal information about a customer was shared with him. Specifically, the developer was concerned with receiving name and real-world location data, which could make a customer easy to find and harass by a developer upset about a negative review, he suggested.

The new order details screen shows less customer data than the old one. (Click to view larger version of the image.) DroidLife

Google declined to comment about the DroidLife report, or about Consumer Watchdog's complaints, but it's no coincidence that in the company's short statement it mentioned before anything else that there had been no policy change. That means that, unless the company is lying, the data it was collecting and sharing with vendors that use the Merchant Center before the February incident is the same under the Wallet rebrand and redesign.

If the information being collected hasn't changed, then one likely culprit is a change in how the information that has been shared is displayed.

There are legitimate reasons for Google to collect and share e-mail addresses and location information. The Google Wallet is used by sellers to sell both digital goods, such as apps and MP3s, and physical items like the Nexus 7 tablet, and it's used on Web sites to complete e-commerce transactions beyond the Play Store. Shipment of a physical item would require the address and name of the person who bought the item. What Google appears to have changed is not the collection of customer data, but under which circumstances that information is shown to vendors.

"Google is a serial privacy violator," said Consumer Watch's Simpson, adding that Google's "statement is pure bafflegab."