Despite Google's month-long campaign to warn consumers about a change in its privacy policies, some customers are still angry about Google's decision to combine data from about 60 separate services into a single database that offers a more complete picture of each customer's interests and activities.
Two new class-action lawsuits, filed on opposite coasts Tuesday, aim to represent the anger of customers unhappy at their inability to stop Google from changing the rules after users have come to depend on separate services without the need to worry someone was assembling a dossier on their activities more comprehensive than they would like.
The new suits follow an earlier effort to punish Google for alleged violations of privacy, though the one filed a month ago focused on even more covert data collection: Google's admission that it had bypassed privacy controls in Apple's Safari web browser.
A class-action lawsuit filed March 20 in federal district court in San Jose, Calif. Tuesday, claims Google actually compelled users to give up their own privacy by requiring those buying Android phones set up Gmail accounts in order to use them. (Text of the complaint posted here.)
As with the other complaints, the San Jose case cites previous tussles between Google and various regulators over privacy issues. In this case it quoted a Feb. 22 letter from 35 state attorneys general warning the Android/Gmail connection forces customers into trusting Google with private data they otherwise would not:
Pivotal issue: Can Google commit three felonies with one policy change?
The third, a class-action suit filed in U.S. District Court in Manhattan (posted here) accuses Google of violating the Computer Fraud Abuse Act, the Federal Wiretap Act and the Stored Electronic Communications Act by eliminating separate privacy policies and combining most of its services under a single policy and customer data into a single data set. The San Jose suit alleges similar violations.
The Manhattan suit charges that, even though Google had access to data in all the combined services, each led customers to expect a different level of privacy – a set of promises broken by combining the data into one pool with just one set of privacy rules and criteria that are likely to violate privacy expectations set when customers created their accounts.
It also cites an October Consent Order between Google and the FTC "in which the FTC found that Google deceptively claimed it would seek the consent of consumers before using their information for a purpose other than for which it was collected, and that Google had misrepresented consumers' ability to exercise control over their information."
"When companies make privacy pledges," the complaint quotes FTC Chairman Jon Leibowitz as saying, "they need to honor them."
Suits charge Google violates privacy to make money, not serve customers better
Ninety-seven percent of Google's revenue comes from advertising, the complaint alleges, a market in which it trails Facebook, which has always offered a more unified set of data on consumers. Google has historically offered advertisers sub-sets of its customers divided according to the services they use.
The complaint charges that Google's decision to change its privacy policies (and, allegedly, violate promises to customers) was based not on altruistic or practical reasons, but one purely commercial issue: the need to increase its revenue and compete more effectively with Facebook by offering richer data on customers, no matter what promises it might have made to them.
A Google spokesman said the company had not seen the complaints and could not comment on the two most recent lawsuits.
A March 1 post on the Google Official Blog, which followed more than a month of updates and explainers from Google, promises that the new policies make privacy rules covering all a customer's data easier to understand.
The blog also promises the new policy will allow Google to integrate services more effectively so they're easier to use, and that Google will continue to offer the same privacy controls is always has. Customers can set different privacy requirements for YouTube than for Search or Maps, for example. Users can also choose to take a copy of their data with them for their own purposes if they wish – an issue that Facebook has resisted, prompting storms of abuse from customers and a few lawsuits of its own.
Here is how Google and the customers suing it square off:
Google on its policy changes and protections:The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google. We aren’t collecting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe.
"18. Unlike Facebook, a holistic view of each consumer was unavailable to Google, and intended consumers were not easily identified by advertisers. Google previously targeted its advertising using bits and pieces of anonymous information garnered from each, discrete Google service that had more than 70 distinct privacy policies.
20. However, the profiles on those social networking sites are created and managed by the consumers themselves, and the consumers have control over the personal information appended to their Facebook profiles.
Thus, a consumer's expectation of privacy on Facebook is much different than his or her expectation of privacy when using Google products, where Google collects and aggregates information about the consumer without the consumer's consent, and which likely includes information that the individual would keep very private, and choose not to post, even on Facebook. – Complaint filed March 20, 2012 in U.S. District Court, Manhattan, on behalf of David Nisenbaum, Pedro Marti and Allison C. Weiss,"individually and on behalf of all others similarly situated."
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.