A few days ago, an Australian app developer wrote about what’s become a big problem for Google—playing fast and loose with the privacy of consumers. According to this developer, Google provides the personal details of consumers to app developers when their app is purchased in the Google Play store. The developer, a man named Dan Nolan, found the customer data in his merchant account—data that contained the name, city and email address of every customer who had purchased his app. As Nolan said, this information could give app developers the ability to harass Google Play users who may have, for instance, left negative reviews of an app. Or the information could be used for even more unscrupulous tactics.

According to Google, they’re not breaking their own rules. It’s explained in the Privacy Notice for both Google Wallet. Any purchase that’s made through the Google Play store is treated as a Google Wallet purchase, which allows the information to be shared with the developer. While it may be legal, privacy advocates aren’t buying it. As Marc Rotenberg, executive director of the Electronic Privacy Information Center, told Reuters, Google has hidden that information from the consumer:

“Meaningful consent is about people understanding what they’re getting into. It’s about not tricking them,” said Rotenberg. “In a situation like this, where people just don’t know what information is being transferred or who it’s going to or for what purpose, it seems ridiculous to say that Google has consent.”

While there are rules outlining purposes for which developers can use this information, its wishful thinking that the emails or other important personal information wouldn’t be used for marketing or other actions.

This seems to be par for the course for Google. This latest privacy blunder adds to a long string of problems Google has had with protecting the information of consumers. The European Union has been investigating Google over its privacy policy, and will likely soon make Google change its practices over privacy concerns. In 2010, Google was found to have been collecting personal information from unsecured Wi-Fi networks as it’s Street Views cars roamed cities in both the US and Europe. Google claimed the information collection was an accident, but regulators in Europe and the US found evidence it was intentional. And late last year, Google was recently handed a $22.5 million fine over circumventing Safari’s privacy protections against users’ wishes.

It seems unlikely that this adds up to a series of coincidences, but rather a trend of lax privacy concern for consumers. Google should consider living by its (now discarded) motto of “Do No Evil,” and consumers should be aware of the pitfalls of trusting information to any corporation, especially one whose main business relies on providing their true customers (advertisers) with an audience to sell.

Zack Christenson writes on digital tech issues for the American Consumer Institute Center for Citizen Research