Court (Barely) Allows Class Action Lawsuit Over Google's Location Tracking To Move Forward

from the tough-to-cry-'foul'-when-you're-opting-in dept

A 2018 lawsuit [PDF] against Google over location tracking survives, but only just. The lawsuit -- filed after a report showed Google was still collecting location data even after users shut off location services on Android phones -- alleges Google violated California laws and privacy protections by tracking users (including children) after it had been told not to.

The lawsuit has been dismissed [PDF], but the court is giving the plaintiffs a chance to amend the lawsuit and suggesting there are issues the court alone can't decide. (via FourthAmendment.com)

The plaintiffs allege they were led to believe Google would no longer collect and store location data when "Location History" was shut off. They cite Google's own support page, which (formerly) stated "With Location History off, the places you go are no longer stored." The court says this language could have misled users, no matter what Google's Privacy Policies and Terms of Services actually said about location data.

Drawing all inferences in favor of Plaintiffs, a reasonable user could believe that disabling Location History prevented Defendant from collecting and storing geolocation data. This conclusion is bolstered by the fact that many people were mislead by the effect of disabling Location History. See, e.g., Compl. ¶ 4. Moreover, the support page Defendant points the Court to was created after this litigation had already commenced. At the time Plaintiffs’ original complaints were filed, the page described Web & App Activity as merely a means to “[s]ave your search activity on apps and in browsers to make searches faster.” Id., Ex. 28. The page did not expressly state that geolocation data may be collected.

Google argues that users consent to sending location info to Google when using some of its services. That may be, but the court points out people agreeing to send some data to Google when using products like Google Maps is not the same thing as granting Google permission to store that data indefinitely. No good, says the court.

The Court thus rejects Defendant’s contention that by consenting to transitory use, Plaintiffs consented to geolocation collection. To the contrary, it is plausible that Plaintiffs gave a narrow consent to geolocation tracking, exclusive of data storage.

Either way, it's probably not going to be settled at this stage of litigation, which is already in its sixteenth month.

It is plausible that Plaintiffs only consented to transitory use tracking and revoked any consent to the storage of their geolocation history. It is also plausible that they did not revoke such consent. The Court cannot conclude either way—factual disputes remain. “This is an issue for the jury.” Opperman, 205 F. Supp.3d at 1073 (holding that the plaintiffs produced sufficient evidence showing they did not consent to the defendants’ actions). For these reasons, the Court holds Plaintiffs have plead sufficient facts to show they did not consent to the storage of their geolocation information

The court does dismiss the plaintiffs' CIPA (California Invasion of Privacy Act) claims. By conceding they gave Google permission to collect location data when using Maps or checking "showtimes for movies playing nearby," the litigants have undercut this claim.

Hence, Plaintiffs issue is not with Defendant tracking them during application use, rather their issue is with the storage of that data. See Opp. at 3–4 (“[I]n accepting the transitory use of location information for an immediate, discrete purpose, Plaintiffs in no way consented to indefinite storage of their daily locations and movements . . . .”). For this reason, Plaintiffs’ CIPA claim fails as a matter of law because CIPA, by its plain terms, is not concerned with data storage but focuses on unconsented data tracking, which is not at issue.

That claim is dismissed with prejudice as the court sees no way the plaintiffs can amend this particular claim to make it actionable.

The California-based invasion of privacy claim fails as well, but not as badly. Invasion of privacy claims are Fourth Amendment-related, but the court sees nothing in Google's actions that could possibly be a Fourth Amendment issue, even with recent Supreme Court decisions expanding citizens' expectations of privacy.

Plaintiffs contend that Defendant’s surreptitious collection and storage of comprehensive and highly sensitive location data violates their information privacy rights. Opp. at 15. Even if the collection of granular and specific location data establishes an information privacy interest, Plaintiffs’ theory is undercut by the admission that Defendant only tracked and collected data during use of Google services. Accordingly, Defendant’s “profile” of a user is only as specific as their use of Google services. Carpenter v. United States and United States v. Jones do not undercut this conclusion.

What Google collected was far less than what the plaintiffs' cellphone providers collected, and yet, the lawsuit only alleges a violation by Google.

First, there was no claim that MetroPCS and Sprint, the phone companies holding the cell-site location information, violated the plaintiff’s right of privacy by having such robust geolocation records. Id. at 2212. The case thus does not stand for the proposition that geolocation collection violates the right of privacy.

Second, the cell-site location information discussed in Carpenter was comprehensive—the cell-site location information provided cellular companies with a rough “map” of a customer’s fluid movements. Id. at 2211. Such comprehensive data collection is not at issue here; Plaintiffs’ geolocation information depends on how often they use Google’s services. Defendant’s collection of geolocation data is not automatic; it does not happen by the routine “pinging” of a cell-phone tower.

[...]

Here, unlike the continual GPS tracking in Jones, not all of Plaintiffs movements were being collected, only specific movements or locations. Such “bits and pieces” do not meet the standard of privacy established in Carpenter or Jones.

This allegation is being allowed to move forward, though. But it probably won't live on for long if the plaintiffs can't find something more specific to allege than a theoretical "mosaic" of the plaintiffs' movements, which possibly included visits to "sensitive or confidential locations."

It's not that Google is in the right if it misled phone users into thinking they weren't being tracked when they were being tracked. It's also not right just because cellphone service providers track location almost continuously. But if the claim is that Google collected users' location data when users utilized services they knew would send that data to Google, then the lawsuit should fail.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: class action, location history, location tracking
Companies: google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 2 Jan 2020 @ 10:32pm

    Is this the same court that fined that company $1.00 for driveby remote data thefts? They must love that google.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Jan 2020 @ 7:46am

      Re:

      It reminds me that every time there is a (fake) referendum vote over something federal or state allowing citizens to vote on a matter, the government always wins 51-49!

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Jan 2020 @ 8:07am

        Re: Re:

        I do not recall any such 'referendum' vote at the federal level in the US.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Jan 2020 @ 9:15am

          Re: Re: Re:

          Alaska law which legalized personal amout of marijuana conflicted with federal law and that matter went up to vote and sure enough 51-49 so the government won probably before you could wipe your own nose. There have been others as well where 51-49 was decidely for government wish. Its a joke. Voting institution was so easy for them to usurp. That is why we are having such a show now pertaining to the vote.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 3 Jan 2020 @ 9:38am

            Re: Re: Re: Re:

            I was referring to a 'referendum' vote at the federal level where all registered voters in the entire country get a vote on a particular issue. I have not seen such a thing in the US and was unaware of its existence.
            Your example of Alaska law would be for the state of Alaska only and has little to no affect elsewhere, this is at the State level and not at the Federal level.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 3 Jan 2020 @ 10:01am

              Re: Re: Re: Re: Re:

              Well, 51-49 is still a thing. Watch for it. I have seen this a few times and thought, "those frauds!"

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 3 Jan 2020 @ 10:02am

              Re: Re: Re: Re: Re:

              It has come up between state and federal laws conflicting. That is what I meant.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 3 Jan 2020 @ 11:48am

                Re: Re: Re: Re: Re: Re:

                Uhh bro. That’s not a voter issue. That’s a court issue.

                link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Jan 2020 @ 7:09am

    This is why we need the concept of data fiduciaries. Legislative law or case law, one way or another, we need data fiduciaries to be a real concept with real teeth.

    link to this | view in chronology ]

  • icon
    Zof (profile), 3 Jan 2020 @ 7:39am

    How dare they attack Google.

    Google are the bestest evar. Honest. But just barely.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Jan 2020 @ 7:43am

      Re: How dare they attack Google.

      Google LIES. And usually gets away with it, just barely.

      link to this | view in chronology ]

      • icon
        Norahc (profile), 3 Jan 2020 @ 8:20am

        Re: Re: How dare they attack Google.

        EVERY company lies.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Jan 2020 @ 9:17am

          Re: Re: Re: How dare they attack Google.

          If they lie, they are acting in bad faith. If that is the case, no contract should be valid with them. No EULA, no TOS, nothing.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 3 Jan 2020 @ 9:24am

            Re: Re: Re: Re: How dare they attack Google.

            Plenty of companies have no EULA or TOS with consumers whatsoever. They still lie, and have done so since companies and corporations were a thing. Sure, the social contract with all manufacturing and raw materials production should be invalidated.

            link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 Jan 2020 @ 5:30am

            Re: Re: Re: Re: How dare they attack Google.

            Is this a one way contract, where only one party is held to the terms while the other party is allowed to do whatever they please? Sounds familiar.

            link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Jan 2020 @ 11:48am

      Re: How dare they attack A piece of shit

      Why you still here bro?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Jan 2020 @ 8:36am

    Say one thing in the big print...

    and another in the fine print. Typical Google.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Jan 2020 @ 9:31am

    Plaintiffs’ CIPA claim fails as a matter of law because CIPA, by its plain terms, is not concerned with data storage but focuses on unconsented data tracking, which is not at issue.

    Dumbest fucking argument i have ever heard. There is no tracking without storage. Knowing where one is instantaneously, and instantly forgetting, was and is almost never the issue. Permanent storage of location data is... wait for it... tracking.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jan 2020 @ 5:32am

    Re: Tivoli Garden Resort, Best Wedding Banquet Halls in Delhi

    Why would I go to India?
    If I were, why would I be looking for info on this blog?
    Are you that hard up for income?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.