Google agrees record $391.5m settlement in US digital tracking case

A Google kitchen area at one of its offices
(Image credit: Shutterstock)

Google has agreed to pay $391.5 million to settle a case in which 40 US states alleged that it violated laws protecting people from being tracked electronically.

The huge sum marks the largest digital privacy settlement in US history and relates to allegations brought against the company in 2018 after it was discovered that users were being tracked even after disabling its location history feature.

Users of both Android smartphones and iPhones were found to have their location data stored on their devices even when they enabled a privacy setting that supposedly prevented such data from being stored.

The original 2018 report from the Associated Press revealed that more than 2 billion Android users were affected in the case and hundreds of thousands more iPhone users too.

“This $391.5m settlement is a historic win for consumers in an era of increasing reliance on technology,” said William Tong, attorney general for Connecticut to the Associated Press via the Guardian.

“Location data is among the most sensitive and valuable personal information Google collects, and there are so many reasons why a consumer may opt-out of tracking.”


A strategic guide for controlling and securing your data

Forrester's data security control framework


Google spokesperson Jose Castaneda said the company fixed the issue “years ago” and the Mountain View-based tech giant also released a blog post on Monday highlighting some of the measures brought in to promote privacy and transparency regarding location data.

The launch of auto-delete controls, incognito mode, and ‘your data’ transparency tools - available in Google Maps and Google Search - were among the main measures Google identified.

“Today’s settlement is another step along the path of giving more meaningful choices and minimising data collection while providing more helpful services,” the blog post read, written by Marlo McGriff and David Monsees - leadership staff on the product teams for Geo and Search respectively.

Google was ordered to pay $971,000 in fees relating to a separate privacy case earlier this year after it failed to disclose key pieces of evidence.

Regarding a $5 billion lawsuit from 2020, in which the company allegedly tracked users while they browsed in incognito mode, Google was fined for failing to identify witnesses in a timely fashion, and identify additional documents and data sources for the case.

Last year the company was also accused of violating the digital privacy of more than 300 million Europeans in additional allegations of illegal tracking.

It was claimed by Max Schrems, privacy activist and lawyer at NOYB, that Google’s use of Android Advertising Identifiers contravened the 2002 ePrivacy Directive.

The French data protection regulator, CNIL, was notified but no formal punishment has yet been issued as a result.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.