A federal jury in California recently hit Google with a $425 million verdict after finding that user privacy had been violated, even when people believed they had turned off tracking features. The case, Rodriguez v. Google LLC, has been closely watched because it highlights a common concern among smartphone and app users: do privacy settings really work the way companies say they do?
The lawsuit was originally filed in July 2020 and covers the period from July 1, 2016, through September 23, 2024. Plaintiffs argued that Google continued to collect data from mobile devices through third-party apps, even when users had disabled Web & App Activity and the supplemental tracking settings. This included data from popular apps like Uber, Instagram, and Venmo, which often use Google’s analytics tools in the background. According to the complaint, Google’s tracking code allowed it to collect information across apps without explicit user consent, despite the privacy toggles being turned off.
Jurors sided with the plaintiffs on two key claims: invasion of privacy and intrusion upon seclusion. They did not, however, find that Google acted with malice, meaning no punitive damages were awarded. The verdict focused purely on the fact that Google collects user data in a manner inconsistent with what users were led to believe when they opted out of tracking. This case, experts say, underscores a major problem in the tech world: privacy settings may be offered, but their actual effectiveness can be limited or misleading.
Approximately 98 million Google users are included in the class, spread across about 174 million devices. While plaintiffs initially sought over $31 billion in damages, the jury ultimately awarded $425 million, which breaks down to roughly $4 per device. Plaintiffs are pushing to increase this figure to $2.36 billion, arguing that Google should disgorge profits it earned from the data it collected. Meanwhile, Google has announced it will appeal the verdict, asserting that its privacy disclosures were transparent and that users were made aware that some pseudonymous data collection could continue even with settings disabled.
The trial revealed some internal company communications that plaintiffs claim show Google was aware of the potential for user confusion. According to these internal emails, Google knew many users likely did not fully understand the implications of its privacy language. A jury foreperson reportedly commented that Google’s consent language “should be a little more obvious,” highlighting the complexity and sometimes opaque nature of tech privacy agreements.
Although the verdict has made headlines, there is no immediate payout. The appeals process could delay or even reverse the ruling, meaning affected users might not see any money for months, or potentially years. For those included in the class, eligibility requires having a non-enterprise Google account, turning off Web & App Activity at some point during the covered period, and having data from non-Google apps sent to Google. Even with these criteria, the actual payout per user may be modest.
Beyond the financial aspect, this lawsuit raises broader questions about digital privacy. Millions of users rely on privacy settings to control how their data is shared, but this case demonstrates that turning off a toggle does not necessarily stop data collection. With Google Analytics embedded in most websites and many mobile apps, tracking can occur in ways that are largely invisible to users. It is recommended to review account settings, limit app installations, and consider tools like VPNs or browser privacy extensions to maintain more control over personal data.
For tech companies, the verdict is a clear warning. While privacy policies and settings are standard, they may not be enough to satisfy legal standards or consumer expectations. The case could have ripple effects, potentially encouraging regulators and courts to take a closer look at how major tech firms communicate privacy options to users and implement their tracking systems.
Are You Eligible for a Payout?
If you’re a Google user (which, currently, I am sure everyone is), you might be wondering whether this lawsuit affects you personally. Here’s a simple guide to see if you could qualify:
- Check your account type: You need a personal, non-enterprise Google account. Accounts for children under 13, work, or school accounts typically don’t count.
- Review your privacy settings history: You should have turned off or paused Web & App Activity (or the supplemental activity setting) at any point between July 1, 2016, and September 23, 2024.
- Consider app usage: Even if you turned off activity tracking, Google may have collected data through third-party apps that use Google Analytics or other embedded tools.
- Stay alert for updates: No final payout has been set. Keep an eye on announcements from the official claims site or class-action updates.
- Be realistic about the payout: Based on current estimates, the award per user may be modest, possibly just a few dollars. However, the legal precedent and attention to privacy practices may benefit users in other ways, such as improved transparency and stricter enforcement of privacy rules.
Why This Matters
Even if your payout is small, this case highlights a very important lesson that everyone should know: your privacy settings alone aren’t always enough. Users often assume that toggling off tracking features stops data collection entirely, but in practice, data can still flow through third-party apps and embedded analytics tools. This is a reminder to regularly check privacy settings, limit unnecessary apps, and explore privacy tools such as VPNs or tracker-blocking extensions. While the legal process may take time, staying proactive is the best way to safeguard your data in the meantime.
At the end of the day, this case is a reminder that data is never really safe. No matter how many settings you tweak or switches you flip, there’s always a chance your information is being collected somewhere in the background. Being vigilant helps, sure, but in today’s digital world, complete privacy is almost impossible to guarantee.