Arizona and Google announced a settlement Tuesday in a consumer fraud lawsuit, allowing the tech behemoth to pay $85 million instead of going to court later this month.
Attorney General Mark Brnovich filed the lawsuit against Google in 2020. The lawsuit was the result of a larger investigation that was prompted by 2018 reporting by the Associated Press revealing certain Google applications store location data without asking, and that deleting the data is a time-intensive process. The AP found that Google Maps, for example, creates a snapshot of where users are whenever they open the application, even when location history is turned off.
“When I was elected attorney general, I promised Arizonans I would fight for them and hold everyone, including corporations like Google, accountable,” Brnovich said in a written statement about the settlement. “I am proud of this historic settlement that proves no entity, not even big tech companies, is above the law.”
GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX
SUBSCRIBE
The State of Arizona will receive $77.25 million in the settlement, while another $7.75 million will go to the private attorneys Brnovich’s office hired to represent the state in the lawsuit.
The settlement also directs the AG to spend $5,000,000 at an “accredited law school” for educating AG staff and judges on issues of consumer protection, privacy and technology. The money is also to be spent to create a “bipartisan association” of AGs that will develop programs on consumer protection laws in the realm of digital privacy.
The remainder of the $77,250,000 is to be spent or directed by the Arizona legislature toward either education, broadband or “internet privacy efforts and purposes.”
“This case is based on outdated product policies that we changed years ago,” José Castañeda, a Google spokesman, said in a statement to the Arizona Mirror. “We provide straightforward controls and auto delete options for location data, and are always working to minimize the data we collect. We are pleased to have this matter resolved and will continue to focus our attention on providing useful products for our users.”
While the case is over, there are still lingering questions about issues raised in the case, much of which was redacted and sealed in court filings.
Last year, both Google and the AG agreed to a special discovery master, an outside person who would oversee the discovery process and settle any disputes. During the discovery process, the state had 30 hours of witness depositions and more than 200,000 pages of documents were produced, according to the court ruling.
The initial lawsuit filed by the attorney general included 270 exhibits, of which only a small portion have been made public. Some of those documents shed light on certain issues such as Google’s own engineers being confused by their privacy settings and how Google’s apps shared location information with other applications.
Some documents that have been released showed that Google’s own engineers were confused by the privacy settings.
“I agree with the article,” an unnamed Google employee wrote in an internal email along with other exhibits that are part of the state’s case. “Location off should mean location off; not except for this case or that case.”
During the lawsuit, the AG released a new version of the previous complaint with sections that had previously been redacted now visible.
For example, a previously redacted paragraph in the complaint revealed that the Attorney General’s Office found that Google employees had admitted that the company’s location history and web app activity disclosure policies were “misleading.”
The documents show that employees were working behind the scenes after the AP story to try to change the user interface to make it easier for Google users to opt-out of location sharing. However, one unnamed employee expressed their dismay about thinking they had their location tracking turned off, only to find it was not.
“Speaking as a user, WTF? More specifically I **thought** I had location tracking turned off on my phone,” the unnamed software engineer said in the released chat logs. “So our messaging around this is enough to confuse a privacy focused (Google software engineer). That’s not good.”
Documents also showed that Google’s privacy policy was crafted in a way to allow applications that had location tracking turned off from using the location tracking information from another Google application that had location tracking on.
“My understanding is that nothing is current (sic) stopping one Google product (A) from using location logged by another Google product (B) if [REDACTED] approves the A<-B use,” the unnamed employee says. “In fact, our landmark privacy policy came into existence pretty much for the very reason of enabling cross-product data use.”
Two years later, more documents would be released by the AG to reveal a Google tool called “IPGeo” which, according to a 2009 presentation obtained by the attorney general, is designed to “predict users’ locations from their IP addresses by improving ways of exploiting available data, and to provide this knowledge to all Google products.”
The attorney general’s office also found a confidentiality notice attached to the presentation about the tool.
“You have no idea how incredibly confidential this one is,” the notice said. “My my, is this confidential. I kid you not. Imagine an article titled ‘Google knows where you live, because it spies on you’ in the NYT. You’ve been warned.”
This isn’t the only lawsuit the tech company has recently settled. In Illinois, Google settled with residents there to the tune of $100 million for a violation of the state’s Biometric Privacy Act.
Comments are closed.