Court (Barely) Allows Class Action Lawsuit Over Google's Location Tracking To Move Forward

from the tough-to-cry-'foul'-when-you're-opting-in dept

A 2018 lawsuit [PDF] against Google over location tracking survives, but only just. The lawsuit -- filed after a report showed Google was still collecting location data even after users shut off location services on Android phones -- alleges Google violated California laws and privacy protections by tracking users (including children) after it had been told not to.

The lawsuit has been dismissed [PDF], but the court is giving the plaintiffs a chance to amend the lawsuit and suggesting there are issues the court alone can't decide. (via FourthAmendment.com)

The plaintiffs allege they were led to believe Google would no longer collect and store location data when "Location History" was shut off. They cite Google's own support page, which (formerly) stated "With Location History off, the places you go are no longer stored." The court says this language could have misled users, no matter what Google's Privacy Policies and Terms of Services actually said about location data.

Drawing all inferences in favor of Plaintiffs, a reasonable user could believe that disabling Location History prevented Defendant from collecting and storing geolocation data. This conclusion is bolstered by the fact that many people were mislead by the effect of disabling Location History. See, e.g., Compl. ¶ 4. Moreover, the support page Defendant points the Court to was created after this litigation had already commenced. At the time Plaintiffs’ original complaints were filed, the page described Web & App Activity as merely a means to “[s]ave your search activity on apps and in browsers to make searches faster.” Id., Ex. 28. The page did not expressly state that geolocation data may be collected.

Google argues that users consent to sending location info to Google when using some of its services. That may be, but the court points out people agreeing to send some data to Google when using products like Google Maps is not the same thing as granting Google permission to store that data indefinitely. No good, says the court.

The Court thus rejects Defendant’s contention that by consenting to transitory use, Plaintiffs consented to geolocation collection. To the contrary, it is plausible that Plaintiffs gave a narrow consent to geolocation tracking, exclusive of data storage.

Either way, it's probably not going to be settled at this stage of litigation, which is already in its sixteenth month.

It is plausible that Plaintiffs only consented to transitory use tracking and revoked any consent to the storage of their geolocation history. It is also plausible that they did not revoke such consent. The Court cannot conclude either way—factual disputes remain. “This is an issue for the jury.” Opperman, 205 F. Supp.3d at 1073 (holding that the plaintiffs produced sufficient evidence showing they did not consent to the defendants’ actions). For these reasons, the Court holds Plaintiffs have plead sufficient facts to show they did not consent to the storage of their geolocation information

The court does dismiss the plaintiffs' CIPA (California Invasion of Privacy Act) claims. By conceding they gave Google permission to collect location data when using Maps or checking "showtimes for movies playing nearby," the litigants have undercut this claim.

Hence, Plaintiffs issue is not with Defendant tracking them during application use, rather their issue is with the storage of that data. See Opp. at 3–4 (“[I]n accepting the transitory use of location information for an immediate, discrete purpose, Plaintiffs in no way consented to indefinite storage of their daily locations and movements . . . .”). For this reason, Plaintiffs’ CIPA claim fails as a matter of law because CIPA, by its plain terms, is not concerned with data storage but focuses on unconsented data tracking, which is not at issue.

That claim is dismissed with prejudice as the court sees no way the plaintiffs can amend this particular claim to make it actionable.

The California-based invasion of privacy claim fails as well, but not as badly. Invasion of privacy claims are Fourth Amendment-related, but the court sees nothing in Google's actions that could possibly be a Fourth Amendment issue, even with recent Supreme Court decisions expanding citizens' expectations of privacy.

Plaintiffs contend that Defendant’s surreptitious collection and storage of comprehensive and highly sensitive location data violates their information privacy rights. Opp. at 15. Even if the collection of granular and specific location data establishes an information privacy interest, Plaintiffs’ theory is undercut by the admission that Defendant only tracked and collected data during use of Google services. Accordingly, Defendant’s “profile” of a user is only as specific as their use of Google services. Carpenter v. United States and United States v. Jones do not undercut this conclusion.

What Google collected was far less than what the plaintiffs' cellphone providers collected, and yet, the lawsuit only alleges a violation by Google.

First, there was no claim that MetroPCS and Sprint, the phone companies holding the cell-site location information, violated the plaintiff’s right of privacy by having such robust geolocation records. Id. at 2212. The case thus does not stand for the proposition that geolocation collection violates the right of privacy.

Second, the cell-site location information discussed in Carpenter was comprehensive—the cell-site location information provided cellular companies with a rough “map” of a customer’s fluid movements. Id. at 2211. Such comprehensive data collection is not at issue here; Plaintiffs’ geolocation information depends on how often they use Google’s services. Defendant’s collection of geolocation data is not automatic; it does not happen by the routine “pinging” of a cell-phone tower.

[...]

Here, unlike the continual GPS tracking in Jones, not all of Plaintiffs movements were being collected, only specific movements or locations. Such “bits and pieces” do not meet the standard of privacy established in Carpenter or Jones.

This allegation is being allowed to move forward, though. But it probably won't live on for long if the plaintiffs can't find something more specific to allege than a theoretical "mosaic" of the plaintiffs' movements, which possibly included visits to "sensitive or confidential locations."

It's not that Google is in the right if it misled phone users into thinking they weren't being tracked when they were being tracked. It's also not right just because cellphone service providers track location almost continuously. But if the claim is that Google collected users' location data when users utilized services they knew would send that data to Google, then the lawsuit should fail.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: class action, location history, location tracking
Companies: google