$425 Million Google Class Action Lawsuit: Do You Qualify for a Payout?

This week, a federal jury in California found Google liable on two counts of privacy violations for continuing to collect the data of millions of users who had turned off a data tracking setting in their Google Accounts. Google has to pay $425 million for the privacy violations.

Google denies the allegations in the lawsuit and plans to appeal the verdict, so there is no date set yet on when members of the nationwide class action lawsuit will get a payout or how much that payout will be. If a court overturns the verdict after the appeal, there might be no payout at all.

Here’s what you need to know about the lawsuit, what’s next for the $425 million payout ordered by the jury and what you need to know about protecting your privacy and online security.

From just $107.88 $24.99 for Kiplinger Personal Finance

Be a smarter, better informed investor.

CLICK FOR FREE ISSUE

Sign up for Kiplinger’s Free Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

What is the Google class action lawsuit about?

The case of Rodriguez v. Google LLC was originally filed in July, 2020. The plaintiffs accused Google of continuing to collect user data despite those users expressly turning off data tracking settings in their Google accounts.

According to the class action lawsuit website for the case, “Google unlawfully accessed their [class action members’] mobile devices to collect, save, and use the data concerning their activity on non-Google apps that have incorporated certain Google software code into the apps.”

The plaintiffs allege that Google misrepresented the data privacy options that users have and that, because of Google’s near-omnipresence on the internet, users have no meaningful way of stopping the company from tracking their data.

In the original complaint filed in July 2020, the plaintiffs said that Google “intercepts, tracks, collects and sells consumer mobile app browsing history and activity data regardless of what safeguards or ‘privacy settings’ consumers undertake to protect their privacy.”

They further allege that this true even if you don’t use Google-branded apps or devices as “Google still tracks and compiles their communications by covertly integrating Google’s tracking software into the products of other companies.”

The plaintiffs argue that 70% of websites use Google Analytics. I couldn’t find a source to verify that number. But, according to GA4, a company that provides training and support for businesses using Google Analytics, 44 million websites use the data analysis tools, representing over 55% of all websites.

In either case, the plaintiffs’ argument about the difficulty of avoiding being tracked by the service still holds. “Other than staying off the internet entirely, there is no effective way for consumers to avoid Google Analytics and its surreptitious tracking.”

In short, the lawsuit argues that because of the widespread use of Google Analytics, which continues to track users’ activity and other data across both websites and apps, the company misrepresented the degree of control users have over what data is collected about them and when.

On Wednesday, the jury agreed with the plaintiffs that this constituted an invasion of privacy, though it did not agree that Google violated users’ privacy with malice, oppression or fraud – a distinction that would have, potentially, allowed the court to demand “disgorgement” of the profits Google made by collecting that data.

As of now, Google denies all allegations and will be appealing the jury’s verdict. In a brief filed on Tuesday, Google’s legal defense team argued, among other things, that its disclosures and privacy policy statements are unambiguous and could not be misread. Specifically, the setting in question does not explicitly state that it revokes permission for the company to collect data for Google Analytics.

In other words, Google argues that users should have known that turning off “Web & App Activity” tracking in their Google account settings would not, in fact, stop Google from tracking web and app activity. During the trial, the plaintiffs countered that point by arguing that the language is intentionally vague and deceptive on this point.

How much does Google have to pay as part of the lawsuit?

While the plaintiffs initially sued for $31 billion in damages, the jury didn’t find Google liable on the third count of violating the CDAFA. But, for their liability on the two counts of privacy violations, the jury determined that Google has to pay $425 million. That includes approximately $247 million for members with Android devices and $178 million for members with non-Android devices.

The final amount, if any, is still to be determined since Google is appealing the verdict.

Who is eligible for the $425 million class action lawsuit and payout?

There are approximately 98 million members of the class action lawsuit. Specifically, those who might be eligible for a payout if Google’s appeal is rejected include individuals who meet the following criteria:

• Had a Google account that is “non-enterprise” or “non-Unicorn” (meaning a supervised account for users under 13).
• Turned the “Web & App Activity” or “supplemental Web & App Activity” setting turned off or paused at any point between July 1, 2016 and September 23, 2024.
• Despite turning off or pausing that setting, your data was still transmitted to Google from a non-Google branded app.

Save Up to 68% On Aura Identity Theft Protection
Aura provides everything you need to protect your identity. Get up to 250x faster fraud alerts, 3-bureau credit monitoring, up to $5 million in identity theft insurance, and 24/7 U.S.-based fraud support. It also includes an antivirus, VPN and password manager for proactive security. Kiplinger readers can save up to 68% when they sign up.

Preferred partner (What does this mean?)

Can you protect your privacy online?

What this case highlights for users of the internet is that you should assume your data is always being collected by default.

Even if you have access to privacy settings on a particular app, website or service, there’s a good chance your data is still being collected, if not by the website itself, by the Google Analytics code embedded in approximately 55% to 70% of websites.

Given that reality, what can you do to reclaim some control over your privacy? Here are a few tips that aren’t perfect solutions, but can help:

• Limit the number of apps you download to your mobile devices. And, regularly uninstall apps that you no longer use.
• Make use of whatever privacy controls a website or app does offer. When you get that cookie notice upon landing on a website, look carefully for your options to turn off as many tracking settings as the website allows you to. Upon signing up for a service or downloading an app, go to the account settings and turn on any privacy settings that you can. Check back regularly for new privacy settings as these do change periodically.
• Use a virtual private network (VPN), a type of software that encrypts your online activity and obscures your location when browsing the internet.
• Be aware that even with all of these privacy settings enabled, there is still, more often than not, a lot of data about your online activity, devices and even location being collected and shared about you. Keeping this in mind can help protect yourself from scams and fraud by making you more alert to suspicious emails, texts or phone calls, even when they include personal information about you.

Related content

• Capital One $425M Class Action Settlement: Do You Qualify?
• Five Biggest Frauds To Watch Out For
• Is Identity Theft Protection Worth It?
• How to Protect Your Identity, Finances If You Lose Your Phone