San Francisco - Google has begun using billions of credit-card
transaction records to prove that its online ads are prompting people to make
purchases - even when they happen offline in brick-and-mortar stores, the
company said Tuesday.
The advance allows Google to determine how many sales
have been generated by digital ad campaigns, a goal that industry insiders have
long described as "the holy grail" of online advertising. But the
announcement also renewed long-standing privacy complaints about how the
company uses personal information.
To power its multibillion-dollar advertising juggernaut,
Google already analyses users' Web browsing, search history and geographic
locations, using data from popular Google-owned apps such as YouTube, Gmail,
Google Maps and the Google Play store. All that information is tied to the real
identities of users when they log into Google's services.
The new credit-card data enables the tech giant to
connect these digital trails to real-world purchase records in a far more
extensive way than was possible before. But in doing so, Google is yet again
treading in territory that consumers may consider too intimate and potentially
sensitive.
Privacy advocates said few people understand that their
purchases are being analysed in this way and could feel uneasy, despite
assurances from Google that it has taken steps to protect the personal
information of its users.
Google also declined to detail how the new system works
or what companies are analysing records of credit and debit cards on Google's
behalf. Google, which saw $79 billion in revenue last year, said it would not
handle the records directly but that its undisclosed partner companies had
access to 70 percent of transactions for credit and debit cards in the United
States.
"What's really fascinating to me is that as the
companies become increasingly intrusive in terms of their data collection, they
also become more secretive," said Marc Rotenberg, executive director of
the Electronic Privacy Information Center. He urged government regulators and
Congress to demand answers about how Google and other technology companies are
collecting and using data from their users.
User privacy
Google said it took pains to protect to protect user
privacy.
"While we developed the concept for this product
years ago, it required years of effort to develop a solution that could meet
our stringent user privacy requirements," Google said in a statement.
"To accomplish this, we developed a new, custom encryption technology that
ensures users' data remains private, secure, and anonymous."
The announcement comes as Google attempts to weather an
outcry from advertisers over how their ad dollars are spent. Google is working
to move past an advertising boycott of YouTube, its lucrative video site, after
news reports that ads for mainstream brands were appearing alongside extremist
content, including sites featuring hate speech and violence.
Google for years has been mining location data from
Google Maps in an effort to prove that knowledge of people's physical locations
could "close the loop" between physical and digital worlds. Users can
block this by adjusting the settings on smartphones, but few do so, privacy
experts said.
This location-tracking ability has allowed Google to send
reports to retailers telling them, for example, whether people who saw an ad
for a lawn mower later visited or passed by a Home Depot. The location-tracking
program has grown since it was first launched with only a handful of retailers.
Home Depot, Express, Nissan and Sephora have participated.
"Google - and also Facebook - believe that to get
digital dollars from advertisers who are still primarily spending on TV, they
need to prove that digital works," said Amit Jain, chief executive of
Bridg, a start-up that matches online and offline behaviour. "These
companies have to invest in finding the identity of the consumer at the moment
when that shopper is at the cash register."
Tuesday's announcement gives Google a clearer way to
understand purchases than just location and allows it to understand purchase
activity even when consumers deactivate location tracking on their smartphones.
Google executives say they are using complex, patent-pending
mathematical formulas to protect the privacy of consumers when they match a
Google user with a shopper who makes a purchase in a brick-and-mortar store.
The mathematical formulas convert people's names and
other purchase information, including the time stamp, location and amount of
the purchase, into anonymous strings of numbers. The formulas make it
impossible for Google to know the identity of the real-world shoppers, and for
the retailers to know the identities of Google's users, said company
executives, who called the process "double-blind" encryption.
Making matches
The companies know only that a certain number of matches
have been made. In addition, Google does not know what products people bought.
"Through a mathematical property, we can do
double-blind matching between their data and our data," Jerry Dischler,
vice president of product management for AdWords, Google's online advertising
service, said in an interview. "Neither gets to the see the encrypted data
that the other side brings."
The tech giant declined to describe its mathematical
formulas in anything more than broad terms, citing the patent application. It
said the work was based on a 2011 research paper by three MIT scientists, which
was funded by Google and Citigroup.
Dischler described the modelling as a
"revolutionary" step forward for Google and advertisers. He added
that users who signed into Google's services had consented to Google sharing
their data with third parties.
But the company would not say how merchants had obtained
consent from consumers to pass along their credit-card information. Google said
that it requires its partners to use only personal data that they have the
"rights" to use, but it would not say whether that meant the
consumers had consented.
Read also: Google making cheap Android phones support its latest software
In the past, both Google and Facebook have obtained
purchase data for a more limited set of consumers who participate in
store-loyalty programs. Those consumers are more heavily tracked by retailers
and often give consent to share their data with third parties as a condition of
signing up.
Tuesday's initiative enables Google to use transaction
data from a much wider swath of consumers than ever before, but the lack of
detail on how personal data was being handled caused concern for privacy
advocates.
Paul Stephens, of Privacy Rights Clearinghouse, a consumer-advocacy
group based in San Diego, said only a few pieces of data can allow a marketer
to identify an individual, and he expressed scepticism that Google's system for
guarding the identities of users will stand up to the efforts of hackers, who
in the past have successfully stripped away privacy protections created by
other companies after data breaches.
"What we have learned is that it's extremely
difficult to anonymize data," he said. "If you care about your
privacy, you definitely need to be concerned."
Such data providers have been the targets of
cybercriminals in the past. In 2015, a hack of data broker Experian exposed the
personal information of 15 million people.