Google is, once again, under the legal spotlight. This time, a previously dismissed class action lawsuit against the tech giant has been revived. The lawsuit, originally filed by Google Chrome users, alleges that the company collected personal information without consent, even when users opted not to synchronize their browsers with their Google accounts.
At the heart of the revived lawsuit are allegations that Google, through its uber popular Chrome browser, collected users’ data without their permission. The plaintiffs argue that Google breached users’ privacy by gathering browsing history, IP addresses, cookie identifiers, and other personal information despite users’ explicit choice not to sync their browsers with Google accounts. According to the lawsuit, the collection of this information contradicts Chrome’s privacy notice, which assured users that no personal information would be gathered unless the sync function was turned on.
The lawsuit extends beyond just isolated instances of data collection. The plaintiffs contend that Google engaged in systemic violations of user privacy, which have affected Chrome users since July 27, 2016. These users believed they were protected by Chrome’s privacy features but were instead subjected to surreptitious data collection.
Initially, US District Judge Yvonne Gonzalez Rogers dismissed the case in December 2022, siding with Google’s defense that its general privacy policy provided users with sufficient notice regarding data collection practices. The lower court concluded that because Google’s privacy policy applied universally across its services, it governed the collection of data, regardless of which browser was being used or whether users had synced their accounts.
However, the 9th Circuit Court of Appeals disagreed with this conclusion. In a 3-0 decision, the court emphasized that the lower court should have assessed whether a reasonable Chrome user would have understood that they were consenting to data collection simply by using the browser without syncing their account. The court noted that Google had marketed Chrome with privacy assurances that suggested users’ data would not be sent to Google unless the sync feature was activated. This inconsistency raised questions about whether users were fully aware of the extent of Google’s data collection practices. Circuit Judge Milan Smith, writing for the appeals court, stressed that a reasonable user might not have interpreted Google’s privacy policy as implying consent to data collection when sync was not activated.
In a statement following the appeals court’s decision, Google spokesperson José Castañeda defended Chrome’s sync feature, arguing that it offers users clear privacy controls and facilitates seamless browsing across devices. “We disagree with this ruling and are confident the facts of the case are on our side. Chrome Sync helps people use Chrome seamlessly across their different devices and has clear privacy controls,” he said.
This lawsuit is not the first time Google has faced scrutiny over its data collection practices. The tech giant has been involved in multiple legal battles related to privacy, including a high-profile case last year in which Google agreed to destroy billions of records to settle allegations that it tracked users who believed they were browsing privately in Chrome’s “Incognito” mode. That settlement allowed individual users to pursue claims for damages, and thousands of Californians have since filed lawsuits against Google for similar privacy violations. The revived class action lawsuit against Google continues to cast a spotlight on the company’s broader privacy practices. Chrome users, as part of this class, believed they were safeguarded by Chrome’s privacy settings but later discovered that their personal information may have been collected without their explicit consent.