Skip to main content

Google Must Face Most Claims in Keyword Wiretap Class Action

Written by Jake Romero

If you were on Google’s home page yesterday at the office, you probably spent more time than you care to admit playing the “help the letter ‘g’ hit the piñata” game that Google created for its 15th birthday.

For Google, that might be a welcome distraction from very bad news it received from the Northern District of California.  U.S. District Court Judge Lucy Koh denied in part Google’s motion to dismiss a 2010 claim in which users accuse Google of violating various state and federal laws by scanning the content of user emails for purposes of creating user profiles and directing targeted advertising, thus allowing a putative class action suit against the search (and everything else online) giant to proceed.  

Judge Koh’s order (full text can be found here), is significant in its handling of a number of Google’s arguments, but the rejection of a particular line of argument is understandably receiving much of the attention. In its Motion to Dismiss, Google argued that its practice of scanning emails is not a violation of the Federal Wiretap Act because, among other reasons, Gmail users and non-Gmail users have consented to the interception of emails.   Google’s consent argument was two-fold.  First, it argued that Gmail users had “expressly consented” to having their emails scanned by agreeing to its Terms of Service and Privacy Policies, which every Gmail users is required to do.  Second, it argued that non-Gmail users have “impliedly consented” to the practice by sending an email to a Gmail user, because at that time those non-users understood how Gmail services operate.

Judge Koh rejected both of Google’s consent arguments, holding that the Court “cannot conclude that any party – Gmail users or non-Gmail users – has consented to Google’s reading of email for the purposes of creating user profiles or providing targeted advertising.”  The Court dug into the multiple iterations of Google’s Terms of Service and Privacy Policies that have been in place since 2007, and found that the policies did not explicitly notify users that Google would intercept emails for the purposes or creating user profiles and targeting advertisements.  The Court discussed a number of sections of Google’s policies where users allegedly consented to the practice of scanning emails for advertising purposes, and in each case found that the policies either described a different purpose for scanning emails (such as filtering out objectionable content) or were unclear when describing what kind of information would be intercepted (using descriptions like “information stored on the Services” or “information you provide”).  The Court further held that Google’s current policies (which were put in place on March 1, 2012) are equally ineffective at establishing consent.  Finally, the Court rejected the argument that non-Gmail users had impliedly consented to the interception of emails, noting that accepting Google’s theory of implied consent would “eviscerate” laws prohibiting interception of communications.

Judge Koh’s denial of Google’s Motion to Dismiss is the latest reminder that when it comes to privacy policies and terms of use, how you write something can be as important as what you write.  We will have more on the various issues discussed in Judge Koh’s order over the next few days.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.