It’s no secret that Google gathers up large amounts of your data based on your search history. But far less known is that the company has also been automatically tallying up your digital and real-world financial transactions based on receipts found in your Gmail accounts and other Google services. It’s just another sign of the enormous reach of tech titans, including Facebook, mining our real-world transactions to generate new insights into our behavior and new revenue streams.
If you have a Google account, see for yourself: In the Google Account Activity section, a tab called “Payments & subscriptions” reveals a page of your Purchases, Subscriptions, and Reservations, along with your stored Payment Methods. The page—which I stumbled upon recently, and which CNBC also reported on—includes transactions, like deliveries and online orders, gathered from receipts or confirmations received in Gmail as well as from Google services like the Google Play Store. (View yours at https://myaccount.google.com/payments-and-subscriptions by clicking on “Manage purchases.”)
The data can be eye-opening: a partial catalog of years of purchases that you probably didn’t know Google had yanked from the depths of your digital life. Like many, I’ve long used Gmail like a cabinet or shoebox to keep track of receipts. But I was unaware that I had consented for the Google bots to scan my inbox, identify specific emails, and assemble a dossier of my purchases.
Google says the purchase data is not used to target ads and is only viewable by the individual user. “To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you,” a Google spokesperson explained in an email. The idea is to help you do things like track a package, cancel a reservation, or renew a subscription, according to Google. “We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page.”
Plus, says Google, “you can delete this information at any time.”
Not easy to delete
But there is a catch. Removing data from “Purchases” requires users to click each purchase individually: There is no way for users to easily delete their entire purchase history from Google’s servers. Removing the original emails doesn’t work either: When CNBC reporter Todd Haselton bravely deleted every single email in his Gmail, the transactions in his purchase history still remained.
In other words, unless you delete each purchase record individually, Google keeps a tally of your purchases. And there is no way for users to simply turn the data mining off.
On mobile devices, users may struggle to find the settings page: When viewed on a mobile browser, the “Payments and subscriptions” tab is mostly obscured.
While Google insists that users’ transaction data isn’t currently used to power its giant ad business, that may provide little solace to anybody concerned about privacy. The data could still be used to enrich already detailed user profiles. And eventually, knowing what you pay for—what medical products you purchase, which hotel you’re sleeping in tonight, or that you have a soft spot for late-night shopping—could prove irresistible if Google intends to keep improving ads to increase purchases. Google’s terms of service allow it.
Cynics will point to those terms and gloat that Gmail users should expect this, along with all other forms of surveillance that Google deploys to monetize user data. After all, Gmail is free, and users of free tech products have signed up to have their data harvested by those companies.
But Google is also data-mining the inboxes of paying customers—including corporations, nonprofit entities, small businesses, and schools—for transaction data. In addition to regular Google users, the company is scanning the inboxes of G Suite and Google for Education users to create individual purchase histories, even though those users’ Purchases pages do not list those transactions for review. As a Reddit user first pointed out, the transaction data only appears when G Suite users use the Google Takeout service to export “Purchases & Reservations” in JSON format.
By scanning enterprise inboxes for purchase data and partially concealing the results, Google raises important privacy and security questions for certain professionals who use G Suite, like accountants, journalists, and medical professionals. Lawyers, for example, have an obligation to maintain the confidentiality of client materials. The hidden Purchases data may also generate concern among the millions of Google for Education users (and their parents), who are students ranging from elementary school through university.
A Google spokesperson told Fast Company that the data was not used for ad targeting but said the company had updated the Purchases page “to clarify the information listed,” including purchases made using Search or Maps and order confirmations in Gmail. “We appreciate the feedback from our users, and are always looking for ways to simplify our settings and make it easier for people to control their data,” the spokesperson said.
Google has also offered users a valuable if inadvertent lesson in how difficult that control is. The Purchases page offers a glimpse into how Google’s services—and a growing number of giant digital platforms and mysterious data brokers—quietly watch what we buy.
And yet when it comes to Big Tech’s ability to mine users’ financial activity, the Purchases ledger is only the tip of the iceberg.
‘Secret’ credit-card-data deals
While the “Purchases” page is sopping up data from our digital receipts, Google is also buying access to our credit card transaction data.
In 2017—the same year that the company said it would stop scanning emails in free Gmail accounts to display targeted ads—Google began tapping into users’ real-world purchases, through undisclosed partner companies that at the time “had access to 70 percent of transactions for credit and debit cards in the United States,” according to the Washington Post.
As part of the program, Google signed an agreement with Mastercard by which the tech giant paid millions for “anonymized” transaction data on cardholders. Bloomberg, which reported on the arrangement last year, described it as a “secret ad deal” between the companies because it was not publicly revealed or shared with cardholders. In 2017, the Electronic Privacy Information Center submitted a complaint about the tool to the U.S. Federal Trade Commission.
In an email last month, a Google spokesperson said the program was currently being beta tested only in the U.S. and was only used to create aggregate and anonymous measurements of ads. The spokesperson declined to name the company’s credit-card-data partners but said Google did not share any personally identifiable information with those companies.
Google, the spokesperson stressed, does not gain access to any individual user’s credit card data and only learns that a certain percentage of users made a purchase, not who the users are or what they purchased. (Users can opt out of ad tracking using Google’s “Web and App Activity” console.) The credit card data is also encrypted so that even Google cannot read it, the spokesperson said. In 2017, Google said it held a patent on the custom encryption technology.
But there’s only one method that protects the privacy of customers even more than Google’s patented encryption formulas: not trying to match every scrap of digital data with our real-world purchases.
The specter of price discrimination
Of course, Google is not the only tech titan mining our real-world transactions to generate new insights into user behavior and new revenue streams. Facebook, the world’s other ad behemoth, currently helps advertisers link real-world data from a host of payment platforms and other data providers to help determine the effectiveness of its ads.
Facebook has also sought deeper access to users’ financial data. As the Wall Street Journal reported last year, the company previously approached some of the country’s largest financial institutions about partnerships for its Messenger app that would reveal users’ “card transactions and checking-account balances.” Facebook already offers similar features with American Express, Mastercard, and PayPal integrations for Messenger.
Facebook said at the time that the data would not be used to target ads. Like Google’s Purchases page, the promise is convenience. “People can keep track of their transaction data like account balances, receipts, and shipping updates,” the company explained in a statement.
Still, according to one source who spoke to the Journal, the data “could be used to offer services that might entice users to spend more time on Messenger.”
Facebook’s proposal for a cryptocurrency, to be called the libra, has raised new questions about its ambitions for financial data. Facebook says the libra transaction information will be kept separate from the rest of the company’s data and won’t be used to target ads. Those pledges did not satisfy many members of the U.S. Senate Banking Committee at a hearing earlier last month, where the Facebook executive in charge of the libra project, David Marcus, was pelted with questions about how the company would treat users’ transaction data.
Google and Apple already handle many everyday transactions through Google Pay and Apple Pay, services that allow customers to store their debit, credit card, or PayPal information with the companies and to pay at participating stores using a click or an app. Google says it may share transaction data with “authorized partners” like banks, billers, and merchants but also says it does not use the data for “any monetization purpose,” including ads. Apple says it retains “anonymous” payment data only “to improve Apple Pay and other services.” For its peer-to-peer Apple Pay Cash service, the company stores transaction data “separately from the rest of Apple” and has pledged to make user privacy a cornerstone of its forthcoming credit card.
The concerns surrounding the privacy of our transactions go beyond targeted ads. Armed with info on what we buy, Facebook, Google, Apple, or any digital platform may ultimately hold an unfair advantage to determine the prices it shows individual users.
Matt Stoller of the Open Markets Institute, an anti-monopoly think tank, voiced his concern in a recent New York Times op-ed. “Imagine Facebook’s subsidiary Calibra knowing your account balance and your spending, and offering to sell a retailer an algorithm that will maximize the price for what you can afford to pay for a product,” he wrote. “Imagine this cartel having this kind of financial visibility into not only many consumers, but into businesses across the economy. Such conflicts of interest are why payments and banking are separated from the rest of the economy in the United States.”
Dynamic pricing, also known as discriminatory pricing, is the practice of charging people different prices for the exact same product. With growing piles of data about shoppers’ behavior, it is already a best practice on the web. One of the most notorious forms of dynamic pricing is Uber’s “surge pricing” model: When supply is low, Uber discriminates against users who don’t want to pay normal rates and routes cars to users willing to pay higher prices.
By combining comprehensive purchase data with their troves of other information about us, companies could also make determinations about our financial health and calculate something akin to credit scores. In a report released in June, the global Bank for International Settlements warned that the big tech firms that are charging into financial services—including Alibaba, Google, Facebook, Amazon, and Tencent—could use their stores of user data to favor their products or to “engage in price discrimination and extract rents.”
Google holds a 2012 patent on dynamic pricing: The system it describes is capable of “adjusting the base price upward based on determining that the particular user is more likely to repurchase the particular item of electronic content than the group of users; and adjusting the base price downward based on determining that the particular user is less likely to repurchase the particular item of electronic content than the group of users.” Asked about its policy on dynamic pricing, a spokesperson for Google said the company relies on merchants to provide price information and does not itself control the price of products it shows users.
Major digital retailers already rely on so-called “customer value scores” that enable them to render “instantaneous, automated judgments about a consumer,” which may result in some paying more than others, according to a recent petition filed with the Federal Trade Commission by the Consumer Education Foundation, a California nonprofit. In one example found by the group’s researchers, different Walmart online customers saw different prices for a box of ballpoint pens: $9.69 when the retailer had access to the customer’s personal data; $4.15 when it didn’t have the data.
Even without transaction data, tech companies can make determinations about users’ financial health. According to a recent report by The Intercept, some advertisers have been able to use specially provided data from Facebook to target ads based on a user’s perceived creditworthiness. Facebook told the publication it has not rated users’ credit scores for ads, but the company already assigns “trust scores” to users, and it has patents on systems for linking social media accounts with data from financial institutions and on determining the riskiness and “legitimacy” of users based on their financial data and those of their friends.
If Facebook’s scoring systems illustrate the potential value that tech platforms see in users’ financial behavior, Google’s mining of our inboxes illustrates how we lose our data to begin with, often without knowing it.
Google CEO Sundar Pichai wrote in a New York Times op-ed in May, “We give you clear, meaningful choices around your data. All while staying true to two unequivocal policies: that Google will never sell any personal information to third parties; and that you get to decide how your information is used.” (In an email sent to Fast Company after this story was published, a Google spokesperson emphasized the steps the company had taken to improve user privacy in recent years, including added controls and data download tools.)
“We also collect the content you create, upload, or receive from others when using our services. This includes things like email you write and receive, photos and videos you save, docs and spreadsheets you create, and comments you make on YouTube videos. We collect information about your activity in our services, which we use to do things like recommend a YouTube video you might like. The activity information we collect may include: Purchase activity.”
In other words, we already made the choice to let companies watch us when we clicked “yes.” We may not have known it, but increasingly that means giving the tech giants a peek inside our wallets too.
— with Alex Pasternack
Joel Winston is an attorney specializing in privacy and telecommunications law. He’s previously written about Equifax employment credit reports and the Facebook/ Cambridge Analytica scandal for Fast Company. Follow him on Twitter: @joelwinston.