Google To Settle 'Data Leakage' Case For $8.5 Million
Michael Aschenbrener, the attorney who brought the case, says the settlement will address concerns that Google doesn't disclose enough information about the privacy risks of using its search engine. “The primary purpose of the lawsuit was to call attention to the fact that users did not know what personal information was being transmitted to whom, and under what circumstances,” he says. “The prospective relief corrects that.”
Recipients of the $8.5 million settlement include the World Privacy Forum, Carnegie-Mellon, Chicago-Kent's Center for Information, Society, and Policy, Harvard Law's Berkman Center for Internet and Society, Stanford Law's Center for Internet and Society, the MacArthur Foundation, and AARP.
The litigation against Google on this issue dates to 2010, when Paloma Gaos filed suit against the company. Gaos alleged that she conducted searches for her own name, as well as her family members' names, and clicked on links on the Google search results. Therefore, she argued, Google disclosed her "sensitive personal information" to third parties by transmitting her queries in the referrer headers -- the URLs that Google sends to publishers.
One year after the lawsuit was filed, Google revised its policy on the information it includes in URLs. Now, when signed-in users visit a site after clicking on a link in the organic results, Google does not send the search queries to the destination site. The company still transmits the entire search query when users visit a site after clicking on an ad.
Google earlier argued that the lawsuit should be dismissed because Gaos couldn't show she was injured by the alleged data leakage. Davila rejected that argument last year, and ruled that the case could proceed.
But different judges have reached the opposite conclusion in cases against other Web companies. For instance, U.S. District Court Judge James Ware dismissed a lawsuit against Facebook and Zynga, both of which were accused of leaking information about users through referrer headers. U.S. District Court Judge James Ware ruled in that case that the consumers couldn't show they had been harmed by the disclosures. The consumers have appealed that ruling to the 9th Circuit Court of Appeals, where the case is pending.
Davila will hold a hearing next month about whether to grant the settlement preliminary approval.
Aschenbrener argues in a motion for approval of the settlement that the $8.5 million in donations compare favorably to settlements in other Internet consumer privacy cases.
He specifically mentions Google's $8.5 million settlement for disclosing the names of people's email contacts when launching Buzz, Facebook's $9.5 million settlement for the Beacon program (which told users about their friends' ecommerce activity) and Netflix's settlement for storing users' information longer than a video privacy law allowed.
But that argument doesn't sit well with everyone. “The motion makes a point that $8.5 million is about the going rate for these settlements, which is disconcerting to me because in most cases there is little, if any, harm,” says Santa Clara University law professor Eric Goldman.
He adds that large companies like Google and Facebook can afford to donate $9 million to settle a lawsuit, but that many smaller startups can't afford that kind of price tag.