Users of Google’s Chrome internet browser filed a class action complaint on Monday in the Northern District of California against Google for data privacy violations, alleging that Chrome surreptitiously sent Google the personal information of Chrome users, despite those users choosing not to sync their Google account with their web browsing and Google’s failure to obtain consent for this practice.
The class consists of Google Chrome users who did not “Sync” their browsers with their Google accounts while searching the web from July 27, 2016 to the present. The plaintiffs have used Chrome to browse and exchange communication but did not give Chrome consent to share their personal information with Google. Each of the plaintiffs experienced this alleged surreptitious data transmission, despite being an un-synched user. The plaintiffs each recorded the alleged data transmission between Chrome and Google.
Chrome stated it would not share personal information with Google if the user was not synched, which the plaintiffs asserted was intended to increase users and user engagement because of Google’s purported privacy efforts, which financially benefits Google from increased engagement. Nevertheless, the plaintiffs, referred to as Un-Synched Chrome Users, claimed that “Google expressly promises Chrome users that they ‘don’t need to provide any personal information to use Chrome’ and that ‘[t]he personal information that Chrome stores won’t be sent to Google unless you choose to store that data in your Google Account by turning on sync.” However, “[d]espite these express and binding promises, Google intentionally and unlawfully causes Chrome to record and send users’ personal information to Google regardless of whether a user elects to Sync or even has a Google account.”
Chrome reports personal information to Google using packet-switching. The test example in the complaint used three different examples, one with a user whose account is synched with their Google account, a second not synched but logged into another Google service, and the third when the user’s activity is neither synched nor logged into another Google account. It found that “Google causes Chrome to send PI [personal information] to itself even when a Chrome user has not authorized the data collection by synching.”
The plaintiffs proffered that Google “improperly collects personal information from un-synched Chrome users without consent and in breach of contact.” Google’s contract with Chrome users defines personal information as “information that you provide to use which personally identifies you … or other data that can be reasonably linked to such information by Google, such as information we associate with your Google Account.” Specifically, the plaintiffs stated that examples of personal information collected and shared with Google include identifiers like an IP address connected to a user; unique, persistent cookies; unique browser identifiers, called X-Client Data Headers; and browsing history. Google supposedly can identify users and track them across other Google services.
As a result of Chrome collecting and sharing this information, the plaintiffs asserted that Google has violated its contract with Un-Synched Chrome Users. The collected information also included electronic communications, which are protected by wiretap laws. All of this information and electronic communications for which Google was not a party was allegedly collected without Google obtaining user consent and in violation of the federal Electronic Communications Privacy Act and California statutes, among other violations. Furthermore, this personal information has real economic value, for which Google has allegedly been unjustly enriched. The class also asserted that Google’s violations are a violation of privacy and important because of Google’s dominant role as a web browser and ability to surveil consumers online.
The plaintiffs have sought to certify the class action, an award for damages, injunctive relief, an award for costs and fees, and other relief. The plaintiffs are represented by Bleichmar Fonti & Auld LLP as well as Simmons Hanly Conroy LLC and Kaplan Fox & Kilsheimer LLP.