Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy & Compliance

Google to Purge Billions of Files Containing Personal Data in Settlement of Chrome Privacy Case

Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of settlement in a lawsuit accusing it of illegal surveillance.

Chrome security updates

Google has agreed to purge billions of records containing personal information collected from more than 136 million people in the U.S. surfing the internet through its Chrome web browser.

The massive housecleaning comes as part of a settlement in a lawsuit accusing the search giant of illegal surveillance.

The details of the deal emerged in a court filing Monday, more than three months after Google and the attorneys handling the class-action case disclosed they had resolved a June 2020 lawsuit targeting Chrome’s privacy controls.

Among other allegations, the lawsuit accused Google of tracking Chrome users’ internet activity even when they had switched the browser to the “Incognito” setting that is supposed to shield them from being shadowed by the Mountain View, California, company.

Google vigorously fought the lawsuit until U.S. District Judge Yvonne Gonzalez Rogers rejected a request to dismiss the case last August, setting up a potential trial. The settlement was negotiated during the next four months, culminating in Monday’s disclosure of the terms, which Rogers still must approve during a hearing scheduled for July 30 in Oakland, California, federal court.

The settlement requires Google to expunge billions of personal records stored in its data centers and make more prominent privacy disclosures about Chrome’s Incognito option when it is activated. It also imposes other controls designed to limit Google’s collection of personal information.

Consumers represented in the class-action lawsuit won’t receive any damages or any other payments in the settlement, a point that Google emphasized in a Monday statement about the deal.

“We are pleased to settle this lawsuit, which we always believed was meritless,” Google said. The company asserted it is only being required to “delete old personal technical data that was never associated with an individual and was never used for any form of personalization.”

Advertisement. Scroll to continue reading.

In court papers, the attorneys representing Chrome users painted a much different picture, depicting the settlement as a major victory for personal privacy in an age of ever-increasing digital surveillance.

The lawyers valued the settlement at $4.75 billion to $7.8 billion, relying on calculations based primarily on the potential ad sales that the personal information collected through Chrome could have generated in the past and future without the new restrictions.

The settlement also doesn’t shield Google from more lawsuits revolving around the same issues covered in the class-action case. That means individual consumers can still pursue damages against the company by filing their own civil complaints in state courts around the U.S.

Investors apparently aren’t too worried about the settlement terms affecting the digital ad sales that account for the bulk of the more than $300 billion in annual revenue pouring into Google’s corporate parent, Alphabet Inc. Shares in Alphabet rose 3% to close Monday at $155.49, giving the company a market value of $1.9 trillion.

Austin Chambers, a lawyer specializing in data privacy issues at the firm Dorsey & Whitney, described the settlement terms in the Chrome case as a “welcome development” that could affect the way personal information is collected online in the future.

“This prevents companies from profiting off of that data, and also requires them to undertake complex and costly data deletion efforts,” Chambers said. “In some cases, this could have a dramatic impact on products built around those datasets.”

Google is still facing legal threats on the regulatory frontier that could have a far bigger impact on its business, depending on the outcomes.

After the U.S. Justice Department outlined its allegations that the company is abusing the dominance of its search engine to thwart competition and innovation during a trial last fall, a federal judge is scheduled to hear closing arguments in the case May 1 before issuing a ruling anticipated in the autumn.

Google is also facing potential changes to its app store for smartphones powered by its Android software that could undercut its revenue from commissions after a federal jury last year concluded the company was running an illegal monopoly. A hearing examining possible revisions that Google may have to make to its Play Store is scheduled for late May.

Related: Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’

RelatedDeveloper Bypasses Chrome’s Anti-Incognito Detection

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Kim Larsen is new Chief Information Security Officer at Keepit

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

More People On The Move

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...