Judge Dumps Lawsuit Over Google's Privacy Policy Changes

from the no-standing dept

In the last few weeks of the year, there were a bunch of stories about attempts to change Instagram's terms of service, leading to what we believed to be a completely silly class action lawsuit against the company. Of course, earlier in the year, the uproar was over Google's plans to consolidate all of its dozens of different privacy policies into one that ran across all Google services. Beyond simplifying things for both Google and users, this did one other thing that got some people worried: it allowed Google to share your info across those services (e.g. your YouTube searches could impact ads shown in Gmail, or something like that). Some of this makes a lot of sense (it's great when I do a Google search on my laptop for an address, and 10 minutes later, when I open the Google maps app on my phone, it remembers that address -- that's really useful). But, some of it could be creepy. And when things get creepy, lawsuits get filed -- as happened with Google's privacy policy.

Right before the end of the year, however, Magistrate Judge Paul Grewal, while agreeing that Google might not respect consumer's privacy as much as it should, dumped the lawsuit against the company for a variety of reasons, including a lack of standing and a failure to show any actual harm. The full filing is a good read. On the issue of standing, there are two reasons for dumping the lawsuit. First, the plaintiffs claimed that it would be costly to replace their phones, but provided no evidence that anyone actually did that.
With respect to their claims regarding the cost of replacing their Android-powered phones to escape the burden imposed by Google’s new policy, Plaintiffs fail to allege injury in fact to themselves. This alone is sufficient to dismiss Plaintiffs’ replacement-related claims.... In the consolidated complaint, Plaintiffs do not allege that they have ever purchased a replacement mobile phone for the Android-based phones at issue. While individuals who did purchase such a replacement might have standing to pursue the associated costs, by including no such allegations in their complaint, Plaintiffs stand apart.
But, even beyond that, there's the problem of what "harm" is caused by Google sharing the info between services. It may be there, but the plaintiffs didn't show it.
Plaintiffs have not identified a concrete harm from the alleged combination of their personal information across Google’s products and contrary to Google’s previous policy sufficient to create an injury in fact. As Judge Koh noted in In re iPhone Application Litig., a recent case from the Central District of California is instructive. In Spectrum Media, the plaintiffs accused an online third-party advertising network of installing cookies on their computers to circumvent user privacy controls and to track internet use without user knowledge or consent. The court held that the plaintiffs lacked Article III standing because (1) they had not alleged that any named plaintiff was actually harmed by the defendant’s alleged conduct and (2) they had not alleged any “particularized example” of economic injury or harm to their computers, but instead offered only abstract concepts...
Then there's the bizarre part of the lawsuit in which the lawyers claimed that Google's actions violate the Wiretap Act -- but the court doesn't see it.
Plaintiffs contend that, under the Wiretap Act, an interception occurred when their content from one Google product was stored on Google’s servers and then combined with information from another Google product that also was stored on Google’s servers. Plaintiffs further contend that because the Wiretap Act defines “device” broadly as “any device or apparatus which can be used to intercept a[n] . . . electronic communication,” Google’s cookies, application platforms, and servers constitute devices under that act in that they intercept information from one Google product to store on Google’s servers and then to combine with information collected by other Google products. Plaintiffs utterly fail, however, to cite to any authority that supports either the notion that a provider can intercept information already in its possession by violating limitations imposed by a privacy policy or the inescapably plain language of the Wiretap Act that excludes from the definition of a “device” a provider’s own equipment used in the ordinary course of business.
The dismissal gives the plaintiffs the ability to amend the lawsuit, and it wouldn't surprise me to see it refiled, but it's going to be difficult for them to get past those issues.

I tend to agree with Eric Goldman's summary of this whole thing:

I don't know whether I'm heartened by the way the judicial system has handled the onslaught of privacy lawsuits in 2012, or saddened by the fact that privacy plaintiffs lawyers don't seem to be getting the message. Maybe that horse has left the barn; perhaps for the rest of our careers, we're destined to see a never-ending flow of bottom-feeding lawsuits every time an Internet company sneezes. Oh joy.

Even though Judge Grewal properly flushes this P.O.S. down the toilet, it's not all hugs and kisses to Google, especially when he says:

The court observes that Plaintiffs have raised serious questions regarding Google’s respect for consumers’ privacy.

He's right, and we should have an intelligent and cogent discussion about that. I sometimes wonder about Google's practices myself. Still, no matter how angry you are with Google's privacy practices, you should be even angrier about junk privacy lawsuits that aren't intended to, and won't, advance our interests as consumers.

Whether or not you think Google (or Instagram or anyone else) has gone too far with their terms of service or privacy policy changes, these lawsuits filed just because people don't like the policies are going nowhere.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: privacy, privacy policies
Companies: google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ehud Gavron (profile), 7 Jan 2013 @ 1:39pm

    Wiretap Fail

    Services providers such as Google and Facebook use a network of geodiverse servers throughout the world. Regularly, data that are given to one server are synchronized to another server in another datacenter, another city, and even another country.

    If a putative plaintiff is not shown harm by his data shared between his posting in Skokie with it showing up on a server in Beijing, plaintiff would have a hard time showing that the same data, on the same server, being accessed by the same defendant (e.g google) is violating the wiretap laws by doing so from a different "service." If they refile this one these lawyers are the only ones making bank.

    E

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 7 Jan 2013 @ 3:16pm

    Unless Google provides a big button allowing you to opt out of such tracking, there's nothing cool about their new "privacy" policy at all.

    link to this | view in thread ]

  3. identicon
    Freddy Flint, 7 Jan 2013 @ 6:17pm

    Re:

    Top-right of any Google website.
    1) Click on your profile picture.
    2) Click "Sign out"

    Apparently, two-click is difficult and you can only handle one-click?

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 8 Jan 2013 @ 5:20am

    Re: Re:

    That doesn't stop Google from tracking your behavior.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 8 Jan 2013 @ 10:19am

    Re: Re: Re:

    Because IP addresses and cookies are people too?

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.