Alphabet Inc, Google’s parent company, has agreed to settle a lawsuit that claimed that the former had tracked users and misled them about Google Chrome’s privacy protections, according to a Reuters report. The original lawsuit, filed in 2020 by California residents Chasom Brown, Maria Nguyen, and William Byatt, sought US$5 billion in damages. While the final settlement amount has not been made public, the two parties’ lawyers told Reuters that they have agreed to a binding term sheet through mediation, and expect to present a formal settlement for court approval by Feb. 24, 2024.
Some context:
When one turns on the Incognito mode on the browser they are informed that Google Chrome will not save their browsing history to their device or to the Google account that the person is signed into. They are also informed that the cookies and site data and information that is entered in forms will also not be saved by Chrome. The 2020 lawsuit alleged that Google continued to track users in Incognito mode when they visited a website that uses Google Analytics or Google Ad Manager. This is allegedly done by collecting the address, browser, and device information, and the webpage content that the consumer is looking at.
“Google’s tracking occurred and continues to occur no matter how sensitive or personal users’ online activities are. By tracking, collecting, and intercepting Plaintiffs’ personal communications indiscriminately—regardless of whether Plaintiffs have attempted to avoid such tracking pursuant to Google’s instructions—Google has gained a complete, cradle-to-grave profile of Plaintiffs without their consent” the lawsuit said.
Why it matters:
According to data by StatCounter, Google Chrome dominates the browser market in India. This tells us that the privacy concerns raised in the US lawsuit also affect a large chunk of the Indian population as well.
Can such a lawsuit occur in India?
It is notable that in August 2023, India rolled out its Digital Personal Data Protection (DPDP Act, 2023) Law to protect Indian internet users’ privacy online. The law states that a data fiduciary can process the personal data of a Data Principal for “the specified purposes for which the Data Principal has voluntarily provided her personal data to the Data Fiduciary, and in respect of which she has not indicated to the Data Fiduciary that she does not consent to the use of her personal data.” While there is no explicit financial penalty for processing data without user consent, it is stated that a violation of any of the provisions of the act (for which fines have not been specified) or the rules made to operationalize the act, would result in a fine of up to Rs. 50 crore.
In this case, the data collection activity has not been consented to but there was also no explicit denial of consent as required in the law. As such, it is unclear whether such a case could be legally permissible in India. It is also worth noting that even if such a case were to be made, the law has no provision for compensation for the affected users, so none of the money from such a settlement would ever find its way to the aggrieved.
Also read:
- Google Faces $5 Billion Lawsuit In The US For Tracking And Intercepting User’s Personal Information Via Incognito Mode
- Here’s When Entities Don’t Need To Ask For Consent As Per India’s Digital Personal Data Protection Bill
- Google Introduces New Features For Protecting Location History And Maps Activity Data
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!