Apple & Google debut new measures that will limit user data sharing with law enforcement

Google on Tuesday announced that it will stop keeping users’ location history, even for users who have opted into sharing this information with the tech giant. This data, Google said, will now remain only on users’ devices.

“The Timeline feature in Maps helps you remember places you’ve been and is powered by a setting called Location History. If you’re among the subset of users who have chosen to turn Location History on (it’s off by default), soon your Timeline will be saved right on your device – giving you even more control over your data,” Marlo McGriff, Google Maps’ director of product, wrote in a blog post. “Just like before, you can delete all or part of your information at any time or disable the setting entirely.”

What’s more, location data will now automatically be deleted after three months. Previously, Google Maps’ default for automatic deletion was 18 months. Users who wish to save their data can change the auto-delete settings and can back up their information to the cloud.

These changes will roll out gradually during the coming year on both Android and iOS devices, McGriff explained.

It’s possible that the decision was made to protect Google from becoming embroiled in legal battles involving consumer data.

The new rules could free the tech company from turning over consumers’ location data under geofence warrants – search warrants that enable law enforcement officers to demand access to mobile device data of users within a given area from providers like Google. If Google is no longer storing users’ location data at the corporate level, the company won’t have any information to fork over to law enforcement officers with geofence warrants.

However, many technology experts are lauding the development. “We have seen instances where the use of the geofence warrant has had adverse outcomes. That’s not a sustainable situation looking forward, as more people are increasingly online,” says James Czerniawski, a senior policy analyst focused on technology and innovation at Americans for Prosperity, a libertarian think tank.

Following Google’s announcement, Apple this week updated its policies to include a new rule requiring law enforcement to obtain a court order or search warrant in order to gain access to users’ Apple IDs and push notification data, according to a report by TechCrunch.

Prior to this announcement, the tech company allowed law enforcement to access user data associated with its push notifications with a subpoena – a written order from a law enforcement agency without judicial oversight.

“This latest action requiring warrants is in line with the evolution of consumer expectations as well as trends in states like Utah to protect privacy and align with Fourth Amendment values, [which concern security] in a digital age while still establishing a standard by which law enforcement can access such information similar to offline evidence,” says Jennifer Huddleston, technology policy research fellow at Cato Institute.

“Apple continues to position itself in the market as the leader in responding to consumers who want a more privacy and security-sensitive experience,” she added.

Indeed, Apple has, in recent years, spearheaded a number of initiatives that give consumers greater control over their personal data, including introducing controls to block cross-app tracking through a mechanism called AppTrackingTransparency and rolling out Private Relay, a VPN-like tool that encrypts all traffic leaving a user’s device.

The new changes from Google and Apple come just days after US Senator Ron Wyden, a Democrat from Oregon, expressed concerns that foreign governments can “secretly [compel]” Apple and Google to share users’ push notifications. The Senator said his office received a tip last year that such demands were being made by foreign governments – demands that, if met, could help foreign governments spy on US consumers.

Wyden applauded the moves by Google and Apple this week, telling members of the press, “This is how oversight is supposed to work. Apple is doing the right thing by matching Google and requiring a court order to hand over push notification-related data.”

The developments align with what policy experts are observing in the attitudes of many lawmakers: growing concern about consumers’ data privacy, particularly as it concerns sensitive information shared with digital platforms.

“[There is] growing recognition by companies of the skepticism that both policymakers and the Supreme Court have been taking toward the third-party doctrine,” says Amie Stepanovich, vice-president of US policy at the Future of Privacy Forum, a Washington, D.C.-based think tank and data privacy advocacy group.

The third-party doctrine, a legal doctrine dating back to the 1970s, says that individuals who voluntarily share information with third parties like internet service providers, tech companies and financial institutions, can have “no reasonable expectation of privacy” for that data.

Today, however, policymakers are pushing back against this premise. “There has been slow but steady progress in recognition that … no longer do you give up your constitutional rights [regarding] information if you send it to a third party,” Stepanovich says. “As we think about the skepticism being shown toward that doctrine, and the idea that this information is getting more and more personal, companies are increasingly demanding that law enforcement go through regular processes as required by the Constitution or federal law … to gain access to personal data.”

“Inevitably,” Stepanovich says, when it comes to tech companies’ policies around sharing user data with law enforcement, debates about consumer privacy versus safety will come to a head.

However, she argues that rules for requiring warrants or court orders for access to user data “don’t necessarily [indicate] a preference for either privacy or safety, but recognize that you should have to show some sort of tie to criminal activity before law enforcement can gain access to vast amounts of what can be very personal information.” In her view, such policies “tie safety and privacy together.”

Other experts echo this sentiment. “Privacy and safety are not mutually exclusive goals,” says Americans for Prosperity’s Czerniawski.

And while Czerniawski sees these policy changes at Apple and Google as positive developments, he suggests that lasting change needs to come from US lawmakers. “It’s encouraging to see companies do what they can, but it serves as a reminder that lawmakers have an opportunity here to meet the moment of where the American people are at.”

For more, sign up for The Drum’s daily newsletter here.