A proposed class action claims Google LLC has violated myriad privacy laws by collecting Chrome users’ personal data even when they choose not to “sync” the web browser to their Google account.
Although Google represents in its privacy notices that Chrome users “don’t need to provide any personal information to use Chrome” and that the information the browser stores “won’t be sent to Google unless you choose to store that data in your Google Account by turning on sync,” the tech behemoth surreptitiously surveils and collects data for all Chrome users—even those without a Google account, the 93-page case out of California alleges.
Describing the defendant’s actions as “a serious and irreversible invasion of privacy,” the lawsuit, filed by four plaintiffs, claims Google “directly contradicts” its promise not to share user data and has taken advantage of the “unprecedented power” derived from Chrome’s market dominance to surveil the lives of “more than half” of the country’s internet users without their knowledge or consent.
All told, Google has surreptitiously programmed Chrome for surveillance “no matter what the user does,” and has effectively broken its contract with and has become unjustly enriched via Chrome users, the lawsuit charges. From the complaint:
“As Google expanded the scope of access to Plaintiffs’ personal information beyond that which Plaintiffs had agreed, users were denied the benefit of a Chrome experience where they were promised the right to determine the terms and scope of their content and personal information sharing. Thus, through Chrome’s sharing of Plaintiffs’ personal information with Google, Plaintiffs lost benefits.”
According to the case, the Chrome privacy notice states that the browser will not send any personal information to Google unless the user affirmatively chooses to “sync” the browser with their Google account by changing the default setting. The suit alleges, however, that regardless of whether a Chrome user has chosen to sync their account, or even whether they have a Google account, the defendant improperly collects their personal information, including IP addresses, session and persistent cookie identifiers, X-client data headers, and browsing history.
By piecing together a Chrome user’s data, Google is able to create a detailed dossier of an individual’s personal information—consisting of their name, address, education, income, hobbies, interests, relationships, political affiliations, and religious beliefs—that the company can use to fuel its advertising revenue, the lawsuit says.
While an “untracked” user may only be shown generic ads, a “tracked” Chrome user is “a more lucrative target” for the defendant given they’re more likely to demonstrate higher engagement and therefore generate more revenue for Google, the suit alleges.
“The more active a user is, the more vulnerable to targeting she is, and more valuable as well,” the complaint reads, adding that advertising represented 83 percent of Google’s total revenues in 2019.
The lawsuit goes on to allege that Chrome users who believe they are not being surveilled are likely to engage “more actively and more intimately” with web content, exposing “further categories of valuable advertising” for Google.
The plaintiffs argue that although Google has paid “lip-service” to the importance of internet privacy protections, the defendant’s actions stand in stark contrast to its public stance. Per the complaint, the plaintiffs relied on Google’s privacy policies and were encouraged by the company’s promises of limited data sharing to engage with the browser “more than they would have otherwise.”
As a result, Google “took more data than the parties agreed would be exchanged,” the lawsuit argues, adding that the worth of the plaintiffs’ data has marketable value to which they are entitled.
“The delta in data between what Chrome promised and what in fact Chrome sent to Google can be measured in data and also in dollars, because data has value,” the complaint states.
Alleging violations of the federal Wiretap Act, Stored Communications Act, and the California Invasion of Privacy Act, among other statutes, the 16-count lawsuit looks to represent anyone in the U.S. who used Google’s Chrome browser on or after July 27, 2016 without choosing to sync with any Google account and whose personal information was collected by Google.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.