After years of getting a free pass from consumers, Google is finally starting to feel the heat over its fast and loose Gmail privacy policies. It’s not just that consumers are up in arms over the way Google uses Gmail to collect data about them – they are now seeking to recover legal damages from Google as well for past invasions of privacy. In what could mark a new legal precedent for privacy and security, San Francisco-based law firm Gallo LLP is claiming that Google overstepped its bounds when collecting and using data, for which consumers are due rightful compensation.
The problem with Gmail privacy
At the heart of the issue is how Google uses data it collects about users, specifically with its popular Gmail service. People who sign up and use Gmail probably already notice targeted advertisements that pop up in their inbox. What they may or may not realize is that Google has been reading the contents of your messages and analyzing your personal information, in order to determine what types of ads to show you.
That sounds intrusive enough, but Google has taken its abuse of Gmail privacy one step further – it combines what it knows about you from Gmail with what it also knows about you from your recent Google search results. And if you use Google products like the Chrome browser to navigate the web, it even knows what web sites you have been visiting. Moreover, since there are many other Google services – including YouTube and Google Analytics – there is a good chance that you are leaving a very wide and deep data trail behind you that Google can use to create a sophisticated profile about you.
Even with Google promising to stop using Gmail data for advertising purposes, data is still sucked into the huge data analytics/ AI engine that powers all of Google’s services. And that is very much a cause for concern. Most consumers may not realize the opaque ways that Google uses all this data, how to change activity controls or how to do a privacy checkup.
It’s bad enough if you sign up for Gmail and Google starts showing you ads – that’s pretty much par for the course these days. We are so numbed to the concept of data surveillance that many people may feel that it’s hopeless to even complain. “So what if Google shows me ads in my email?”, they might think. But here’s the thing – it’s not just that Google has been reading your Gmail messages and using your email address, it has also been reading the messages of anyone that you have ever corresponded with via Gmail. Thus, for example, if you send a Gmail message to your grandparents who are using another email provider, Google can theoretically read their messages as well. And that’s why there is such an outcry against Gmail privacy practices now – it’s clear that Google has far overstepped its boundaries.
The case against Google
Leading the charge against Google over its Gmail privacy policy is San Francisco-based law firm Gallo LLP, which has filed the first new consumer claims against Google following the efforts by the Silicon Valley tech giant to revamp its Gmail privacy policies. Many legal experts now believe that the Gallo case could open a floodgate of other cases against Google. The significance of the Gallo case is that consumers are now actually seeking financial damages against Google.
Previous cases against Google sought relief from Google’s shady Gmail privacy practices, but never actually sought damages. In 2016, for example, Gallo used a similar legal strategy. What’s different now is that Gallo is representing consumers who never actually signed up for a Google account or Gmail account, but who still had their email messages read. That’s an entirely new class of legal defendant and exposes Google to new legal risk.
As a result, this new Gallo case against Google could be a real game-changer with potentially dire financial implications for the Silicon Valley giant. There are two pieces of legislation that are critical to Gallo’s legal strategy – the Electronic Communications Privacy Act (also known as the federal wiretap act) and the California Invasion of Privacy Act (CIPA). According to Gallo, every violation of the CIPA could lead to a penalty of $5,000. So if Gallo is able to bring a true class action lawsuit against Google on the basis of the CIPA and win – it could be potentially disastrous for Google. Some have opined that a successful resolution of the Gallo case could imply billions of dollars in liability for the search giant.
Roy Gallo, Senior Partner at Gallo LLP, analyzes the current legal situation that his firm faces, “The Matera injunction allows Google to process inbound Gmail for non-advertising purposes. This is necessary to provide Gmail’s high-quality spam protection but is not limited to that. The statute (the Electronic Communications Privacy Act) allows a service provider to do the things required to provide the service… What’s more concerning is that once the email hits the inbox, wiretapping statutes do not apply. The account holder’s consent, to the Terms of Service they don’t read, allows Google to do whatever it wants with the data. And, of course, Google uses the data to provide some useful functionality, so people consent.”
Gmail privacy and market perception
So what has been Google’s response to charges about its Gmail privacy practices? Google has tried to clean up its Gmail privacy practices as a result of previous legal cases, saying that it will no longer use or scan Gmail content for any advertising purposes. But Google’s intentions are not so clear when it comes to “non-advertising” purposes, says Gallo. Google has no real intention of actually stopping its practice of collecting and analyzing data when you use YouTube, Chrome or any other consumer-facing service. As Google sees it, this is the trade-off that consumers agree to at the outset – they get to use a free service that works very well, and in exchange, Google gets to monetize their data.
The real problem for Google is that corporations are waking up to this problem as well. In some cases, their perceived understanding of Google’s data privacy practices may affect their willingness to sign up for the company’s cloud services. Although a different privacy policy governs Google’s paid products, this perception may put Google at a real disadvantage compared to other companies such as Amazon or Microsoft, which don’t suffer from the same Gmail privacy issues.
Data privacy and permissionless innovation
Taking a big picture view, the pending legal case against Google for its Gmail privacy practices could have far-ranging implications for tech innovation. According to researchers at the Mercatus Center at George Mason University, there are two primary models of innovation. This legal case against Google could change how we view these models of innovation if it forces companies to put into place safeguards about the types of data that can be used and then commit to a privacy policy.
The model of innovation that has existed until now is “permissionless innovation,” meaning that tech companies like Google can innovate as they choose without getting permission from government regulators about which services they provide. The model that we could be shifting to, though, is one that is diametrically opposed to permissionless innovation. This is a model of innovation based on the precautionary principle, in which tech companies must get the approval of regulators or bureaucrats before moving forward.
Google, as a symbol of Silicon Valley innovation, would seem to make a good test subject. It may well turn out that how the courts rule on Google privacy issues could influence the tech innovation landscape for years to come.
