Google’s privacy practices are once again under the microscope as a class action lawsuit that was filed in 2020 continues to progress through the court system. Allegations that the company violated users’ privacy by collecting their data without consent have raised significant questions about transparency, informed consent, and data governance in an age where we rely so readily on technology. Federal Judge Richard Seeborg recently ruled that the lawsuit could proceed, potentially setting a precedent for how companies are allowed to handle user data and how they disclose such information.
The lawsuit stems from complaints that Google continued to collect user data even after users disabled the “Web and App Activity” (WAA) toggle on their Android devices. According to the plaintiffs in the suit, the toggle, which is located within the privacy settings of an Android device, is misleading. Users believed that turning the toggle off would prevent Google from collecting any personal data, however, the suit claims that Google continued to collect pooled, anonymized data to support third-party app developers without sufficiently disclosing this practice.
Google has argued that it only collects aggregated data, not personally identifiable information, and that this is clearly disclosed to users. However, internal communications from Google employees, which were submitted as evidence, indicate a deliberate attempt to keep the purpose and function of the WAA toggle vague, potentially to avoid alarming users.
Judge Seeborg noted that the concerns expressed by Google employees are significant because they suggest that the WAA disclosures can, at the very least, be interpreted in multiple ways by users. “What is more,” Seeborg wrote, “the remarks and Google’s internal statements reflect a conscious decision to keep the WAA disclosures vague, which could suggest that Google acted in a highly offensive manner, thereby satisfying the intent element of the tort claim.”
Additionally, Seeborg dismissed Google’s argument that its data practices were justified because third-party app developers had already obtained user consent, arguing that no legal precedent supports the notion that consent granted to a third-party developer extends to vendors such as Google.
Hyoun Park, CEO and chief analyst at Amalgam Insights, emphasized that the lawsuit underscores the need for companies to align their data policies with user expectations. Park stated, “Enterprise data policies have typically assumed that vendors are not saving personal information unless there is some sort of opt-in policy.” He also added that the idea that overzealous data collection “doesn’t hurt anyone” distracts from the fundamental need for proper governance when it comes to user data.
The rise of artificial intelligence and increasingly complex data ecosystems only amplifies these challenges. As technology becomes increasingly more powerful, transparency becomes increasingly more important, but companies also recognize that such straightforward disclosure may scare off the public and hurt profits.
Google has maintained that it provides robust, fair privacy controls and that the lawsuit mischaracterizes its practices. A company spokesperson stated, “Privacy controls have long been built into our service, and the allegations here are a deliberate attempt to mischaracterize the way our products work.”
Nonetheless, Seeborg’s rulings have kept the door open for further scrutiny. He noted that Google’s explanations about the purpose of the WAA toggle and justifications of its privacy policies could be interpreted differently by a reasonable juror, setting the stage for a trial where the specifics of the tech giant’s data collection practices and their alignment with privacy laws will be examined in greater detail.
If the lawsuit proceeds to trial in August, it will likely shed more light on the technical and legal nuances of Google’s data collection methods. Judges will look to evaluate whether the company’s practices violated privacy law or whether they were simply part of standard product development.
The outcome of this case will hold significant influence on how companies structure their privacy settings and communicate their data practices to users in the future—industry analysts suggest that the audit faced by Google may encourage other tech giants to adopt more transparent, consumer-first data governance practices in the future.
Written by Saachi Kandula
