A new technology that Google uses to track billions of credit card transactions is unsafe, overly intrusive, and possibly in violation of federal law, according to a complaint the Electronic Privacy Information Center filed Monday with the U.S. Federal Trade Commission.

EPIC urged the FTC to investigate Google over its Store Sales Management program, criticizing it as unfair and deceptive to consumers, and lacking an easy way to opt out.

Google uses its SSM program to track whether consumers have converted online advertisements displayed on Google search pages into in-store purchases, according to the complaint. It collects credit card data on billions of transactions and matches them to determine the effectiveness of online ads in influencing consumers to purchase the promoted goods and services.

Google has refused to release specific data on the algorithm the SSM technology uses, but it apparently is based on CryptDB, which is described in a 2011 MIT research paper funded by Google and Citigroup, according to the complaint.

Data Capture

Google in 2014 launched Store Visit Management, a technology that allows advertisers to track the number of people who click on a Google AdWords ad and then visit their stores, the EPIC complaint notes. More than 5 billion store visits have been tracked by AdWords to date, with major retailers like Home Depot, Sephora and Nissan having used the tool.

Google earlier this year expanded the program to YouTube customers who buy YouTube TrueView ads, according to the complaint.

Google has denied the alleged customer privacy violations and said the complaint includes several inaccuracies.

All data is encrypted and aggregated, and Google does not share any identifiable credit card data, the company maintained. It uses only the data that customers have consented to have associated with Web and app activity in their Google account,…