Received an email from Google Fi that their policy is to “opt you in” to sell your phone-call and purchase info to advertisers. They call the data your CPNI — “Customer Proprietary Network Information”. Making this an opt-out when it’s a combo of your shopping data plus phone-call data (including destination and location) plus Google identity seems pretty egregious to me.
Anyway, the emailed notice is easy to overlook as just another policy update that you wouldn’t do anything about. But you can opt out.
At https://fi.google.com/account, go to “Privacy & security”, and deselect “Allow CPNI sharing”. It’s not in the Fi app; you have to do it in a browser.
I assume this is outside of Europe right? This breaks GDPR in every conceivable manner
Google Fi is exclusive to U.S. customers so it doesn’t matter if it breaks GDPR.
Yeah it does. GDPR applies for EU citizens regardless of where they are. It’s why every website in the fucking world has a cookie banner now. An EU citizen could register for Fi service with a VPN and a mailbox at a UPS store and Google’s handling of their data would be subject to GDPR.
So yeah, it definitely matters, and I wouldn’t be surprised if they get sued because of this.
Maybe the EU says the GDPR applies to all EU citizens regardless of where they are, but that doesn’t matter. ox at a UPS store and Google’s handling of their data would be subject to GDPR.
Maybe the EU says the GDPR applies to all EU citizens regardless of where they are, but that doesn’t matter. They only have the right to enforce the GDPR within their jurisdiction, regardless of where a EU citizen is.
Please see here.
Removed by mod
So uh, you think Google doesn’t operate or do business in the EU? They have 20+ offices there. In the example I gave, they would 100000% be subject to GDPR, fullstop; it’s not a question, matter of opinion, or debate. They’d even be subject to it if an EU citizen was physically inside the US on vacation and opened a Fi account while they were here.
I’m from Virginia and knowing compliance stuff (GDPR, CCPA, PCI DSS, NIST 800-*, etc) is a requirement of my job.
Removed by mod
Yea this should be for the rest of the world.