Privacy & Cybersecurity Law Blog

Google recently resolved two cases—one by verdict and one by settlement—involving allegations regarding the control that Google promised to give users over Google’s use of their data. 

In Rodriguez v. Google LLC, 3:20-cv-04688, (N.D. Cal.), a group of class-representative plaintiffs obtained a $425 million verdict against Google, persuading the jury that Google saved consumers’ information from third-party apps after the consumers asked Google not to track their data. The plaintiffs alleged that the opt-out button was “fake,” and that Google stored and used consumers’ data to sell ads without their consent. 

In In re Google RTB Consumer Privacy Litigation, 4:21-cv-02155, (N.D. Cal.), Google and a group of plaintiffs have asked the court to approve a class-wide settlement where Google will allow users to limit the personal data that Google shares with companies in the ad-bidding process. The plaintiffs alleged that Google broke its privacy promises by selling users’ data to companies, which then used that data to create ads personalized to the consumers. The settlement does not require Google to pay any funds to class members, but experts have estimated the value of the settlement to be between $1.4 and $21.6 billion. It is anticipated that the parties will dispute the amount of plaintiffs’ attorney’s fees Google will have to pay.

These two cases highlight the importance of appropriate use of data-tracking technology, such as Google Analytics. Companies should take care to appropriately disclose their collection and use of that data, and take actions consistent with those disclosures.  Companies should also ensure that opt-out mechanisms in place effectively exclude from tracking those users who opt out. The cases also underscore the importance of understanding the scope and implications of tracking technologies that are used, to help ensure appropriate compliance measures.