Commentary

App Purchaser Loses Privacy Lawsuit Against Google

Google has convinced a federal judge to dismiss a lawsuit filed by Illinois resident Alice Svenson, who said Google violated users' privacy by sharing the names of app buyers with developers.

Svenson sued Google last September, several months after Australian developer Dan Nolan revealed on his blog that Google automatically shares app buyers' personal information with developers. 

"Every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred," he wrote. With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews."

For its part, Google didn't see any cause for concern. On the contrary, the company intentionally designed its platform so that people who purchase apps do so directly from the developer.

The privacy policy for Google Wallet says the company may disclose information that's necessary to process transactions. Google takes the position that it's necessary to share users' data, because the company isn't itself processing the purchase. Still, Google's practice blindsided many people -- probably because Google's model differs from Apple's iTunes, which keeps purchasers' data confidential.

Svenson alleged in her complaint that she purchased an app from Google Play for $1.77 in May. She said that Google then shared her personal information with the YCDroid, the developer of the app, which converts SMS messages to emails.

She accused Google of breaking its contract with her by allegedly disclosing her personal information to a third party. She specifically alleged that Google's decision to transfer her data created “a significant and imminently greater risk of identity theft.”

Last week, U.S. District Court Judge Beth Larson Freeman in San Jose, Calif. threw out the lawsuit, ruling that Svenson hadn't shown any damages. “Plaintiff does not allege that what she received -- the app and unauthorized disclosure of her contact information -- was worth less than what she allegedly bargained for -- the app and non-disclosure of her contact information,” she wrote.

Freeman also rejected Svenson's theory that she was at risk for identity theft, ruling that possibility was too speculative to justify a lawsuit.

Even though Google won this round, the company's victory could prove short-lived. That's because Freeman dismissed the case without prejudice -- meaning that the user who sued can revise her complaint and try again.

Whether she will remains to be seen. Freeman herself expressed skepticism about whether Svenson would be able to do so successfully. “Under these circumstances, it is not clear how Plaintiff could amend her complaint to allege contract damages,” Freeman wrote. But, she added, she would give Svenson an opportunity to try to do so.

Meanwhile, Google still faces a separate lawsuit that includes allegations relating to disclosing app purchasers' data. That case stemmed from Google's 2012 decision to revise its privacy policy in a way that allowed it to consolidate information about users.

Last month, U.S. Magistrate Judge Paul Grewal in San Jose, Calif. said that users who are suing Google for its privacy-policy changes could continue their lawsuit -- but only over allegations that the company wrongly transfers users' names and contact information to app developers. 

Grewal ruled that users could move forward based on their allegations that Google “left a privacy policy in place which led consumers to believe that access to their data would be limited to certain groups ... even though it knew that it planned to distribute the data outside of those groups.”

2 comments about "App Purchaser Loses Privacy Lawsuit Against Google".
Check to receive email when comments are posted.
  1. Chuck Lantz from 2007ac.com, 2017ac.com network, August 18, 2014 at 9:01 p.m.

    According to this ruling, if I find someone sneaking into my house through a window, I should only call the cops if the intruder has actually already stolen something? Interesting.

  2. Robb Lewis from Visa, August 18, 2014 at 9:17 p.m.

    Well it's not like anyone actually reads the TOS but in this case it appears that the Agency model is present (as expected) - I copied relevant snip below.

    However, the Privacy Policy is a bit ambiguous in that it's calling this info share as "external processing". Now this typically refers to their back-end payments processing or 3rd party risk management partners, but those partners use the data to make a decision to approve the order or not. They don't keep the user data to use for their own future marketing purposes.

    It may be more accurate to refer to this as order fulfillment, and add language in their Privacy Policy that's more explicit about their Agency role and that in those cases the user data is shared with the company whose product that the consumer is purchasing.

    -Robb

    --- from Google TOS -------
    Direct, Agency and App Sales. When you buy Products from Google Play you will buy them either:

    (a) directly from Google (which is referred to as “Google”, “we”, “our”, or “us” in these Terms) (a “Direct Sale”);

    (b) from the provider of the Product (the “Provider”), where Google is acting as agent for the Provider (an “Agency Sale”); or

    (c) in the case of Android apps, from the Provider of the app (an “App Sale”).

    Each time that you purchase a Product, you enter into a contract based on these Terms with: Google in relation to the use of Google Play and (in the case of a Direct Sale) the purchase of that Product; and also (in the case of Agency Sales and App Sales) with the Provider of the Product you have purchased.

Next story loading loading..