Website browsing history of users of at least twelve central government organizations has been sent to the U.S. Google’s ad server. This situation came about because all the websites involved were using Google’s advertisement analyzing software. It is in violation of Japan’s security standards. After the Yomiuri Shimbun pointed this out, seven government organizations stopped the practice.
An investigation, which ended in February, by the Yomiuri Shimbun and a data analysis company, DataSign, revealed that out of 35 websites used by government organizations including Cabinet Office and Cabinet Secretariat, 12 sites were set up to allow the Google ad server to automatically access user devises to receive device information and browsing history. The information acquired this way likely became Google’s private information.
When the government organizations introduced a free software “Google Analytics” in their systems to analyze access to the websites, its advertising feature was turned on. The Cabinet Office offered as explanation, “The contractor enabled it without consulting us.” The Ministry of Agriculture, Forestry and Fisheries said, “We did not fully understand the functions.”
This particular feature is generally used by media with advertising revenue. According to the National center of Incident Readiness and Strategy for Cybersecurity, using such a feature is prohibited under the unified government standard. It said the practice is “against the standard.”
To a request for comment, Google responded, “We have included a feature that enables the user to reject it if he/she so chooses.”