- Google is under fire for failing to disclose that its Nest Secure home alarm system has an embedded microphone.
- Privacy advocates are calling for significant change in light of the digital giant’s checkered data handling history.
When Google announced in early February that the company had added a feature to its Google Nest Secure system that allows it to work with Google Assistant to become a smart speaker, some consumers were surprised to learn the home security and alarm system has an embedded microphone. Google copped to failing to disclose the integrated microphone, admitting that detail should have been included in product information.
A Google spokesperson clarified that the microphone has never been on in the past, and the only way its functionality can be activated is “when users specifically enable the option.”
Google further clarified that all of its Nest security products, including its Nest Protect smoke and carbon dioxide detector, were built with in-product microphones for future features. Information about the Google Nest Protect microphone was included in product documentation. Google Nest thermostats do not contain a microphone.
When news of the Google Nest Secure microphone began circulating, privacy advocates called for more diligent oversight of the company. One group, the Electronic Privacy Information Center (EPIC), called for the U.S. Federal Trade Commission (FTC) to compel Google to sell its Nest division. EPIC released a statement saying, “It is a federal crime to intercept private communications or to plant a listening device in a private residence.”
The embarrassing Google Nest Secure microphone disclosure conjures up Google’s other past privacy violations, including its most egregious known issue: the company’s 2010 admission that for three years its Google Street View cars had been collecting and storing payloads from WiFi networks.
Separately, in January, France’s CNIL data privacy agency fined Google $57 million for failure to comply with the European Union’s General Data Protection Regulation (GDPR). CNIL cited Google for not informing search engine users how their personal data is mined and for not gaining consumer consent for personalized ads served to them.