Facebook and Google are being sued in two proposed class-action lawsuits that accuse the pair of deceptively gathering location data on netizens who thought they had opted out of such cyber-stalking.

The legal challenges stem from revelations earlier this year that even after users actively turn off "location history" on their smartphones, their location was still gathered, stored, and exploited to sling adverts.

Both companies use weasel words in their support pages to continue to gather the valuable data while seemingly giving users the option to opt out – and that "deception" is at the heart of both lawsuits.

In the first, Facebook user Brett Heeger claims the antisocial network is misleading folks by providing the option to stop the gathering and storing of their location data but in reality in continues to grab the information and add it to a "Location History" feature that it then uses for targeted advertising.

"Facebook misleads its users by offering them the option to restrict Facebook from tracking, logging and storing their private location information, but then continuing to track, log, and store that location information regardless of users’ choices," the lawsuit [PDF], filed in California, USA, states. "In fact, Facebook secretly tracks, logs and stories location data for all of its users - including those who have sought to limit the information about their locations."

This action is "deceptive" and offers users a "false sense of security," the lawsuit alleges. "Facebook’s false assurance are intended to make users feel comfortable continuing to use Facebook and share their personal information so that Facebook can continue to be profitable, at the expense of user privacy… Advertisers pay Facebook to place advertisements because Facebook is so effective at using location information to target advertisement to consumers."

And over to you, Google

In the second lawsuit [PDF], also filed in Cali, three people – Leslie Lee of Wyoming and Colorado residents Stacy Smedley and Fredrick Davis – make the same claim: that Google is deceiving smartphone users by giving them the option to "pause" the gathering of your location data through a setting called "Location History."

In reality, however, Google continues to gather locations data through its two most popular apps – Search and Maps – even when you actively choose to turn off location data. Instead, users have to go to a separate setting called "Web and App Activity" to really turn the gathering off. There is no mention of location data within that setting and nowhere does Google refer people to that setting in order to really stop location tracking.

As such, Google is engaged in a "deliberate, deceptive practice to collect personal information from which they can generate millions of dollars in revenue by covertly recording contemporaneous location data about Android and iPhone mobile phone users who are using Google Maps or other Google applications and functionalities, but who have specifically opted out of such tracking," the lawsuit alleges.

Both legal salvos hope to become class-action lawsuits with jury trials, so potentially millions of other affected users will be able to join the action and so propel the case forward. The lawsuits seek compensation and damages as well as injunctions preventing both companies from gathering such data with gaining the explicit consent of users.

Meanwhile at the other end of the scale, the ability for the companies to constantly gather user location data has led to them being targeted by law enforcement in an effort to solve crimes.

Warrant required

Back in June, the US Supreme Court made a landmark ruling about location data, requiring cops and FBI agents to get a warrant before accessing such records from mobile phone operators.

But it is not clear which hurdles or parameters need to be met before a court should sign off on such a warrant, leading to an increasing number of cases where the Feds have provided times, dates, and rough geographic locations and asked Google, Facebook, Snapchat, and others, to provide the data of everyone who was in the vicinity at the time.

This so-called "reverse location" order has many civil liberties groups concerned because it effectively exposes innocent individuals' personal data to the authorities simply because they were in the same rough area where a crime was carried out.

Some courts have required that such orders are more precise – for example, that organizations only hand over details if they are given multiple locations and times and only provide details of users who were there each time, for example, a rash of robberies took place. Another way of reducing the data footprint is for law enforcement to already have the name of a suspect, and possible even their cellphone number or unique serial number, and ask companies to effectively confirm whether they were at those locations at the specific times.

But the Feds are, for obvious reasons, reluctant to tie themselves down when they can make more blanket requests and, to their eyes, not allow criminals to slip through the net.

The most famous example of this approach was back in March in North Carolina when the cops were trying to find who was responsible for a number of armed robberies. But more and more cases are turning up, with one just this week in Virginia.

Leaky apps

And if all that wasn't bad enough, this week a paper [PDF] by eggheads at the University of Oxford in the UK who studied the source code of just under one million apps found that Google and Facebook were top of the list when it came to gathering data on users from third parties.

Google parent company Alphabet receives user data from an incredible 88 per cent of apps on the market. Often this information was accumulated through third parties and included information like age, gender and location. The data "enables construction of detailed profiles about individuals, which could include inferences about shopping habits, socio-economic class or likely political opinions," the paper revealed.

Facebook received data from 43 per cent of the apps, followed by Twitter with 34 per cent. Mobile operator Verizon – renowned for its "super cookie" tracker gets information from 26 per cent of apps; Microsoft 23 per cent; and Amazon 18 per cent.

Google disputed the findings, claiming that in many cases it was only receiving bugs reports and similar analytics, but the sheer scale of data gathering has given many pause for thought.

As for the location data lawsuits, Google as so far remained quiet and Facebook argues that it explains its policies clearly, and that it will "defend ourselves vigorously." ®