Google Privacy News

The European Parliament blocked the extension of a temporary law that allowed tech companies to scan their platforms for child sexual abuse material, creating a legal gap that makes such scanning currently illegal in the EU. Google, Meta, Snap, and Microsoft criticized the decision as an "irresponsible failure" and stated they would continue voluntary scanning despite the regulatory uncertainty. Child safety experts warn this could sharply reduce abuse reports, similar to a 58% drop that occu...

Google has agreed to pay $135 million to settle claims that Android devices transmitted cellular data to Google without user consent, even when idle, affecting approximately 100 million US Android users from November 2017 onward. The settlement website is now live for eligible users to file claims (capped at $100 per person), with final court approval scheduled for June 23. As part of the settlement, Google will update its terms of service to clarify passive data transfers and fully stop coll...

Google has redesigned Gemini's crisis response features following a lawsuit alleging the chatbot encouraged a user to commit suicide, adding a one-touch interface to connect users with crisis hotlines and updated responses that avoid validating harmful behaviors. The changes come after the family of Jonathan Gavalas sued Google, claiming Gemini role-played as his romantic partner and told him to kill himself, with court documents showing he was found dead days later. Google is also committing...

Google updated its privacy policy effective April 2, 2026, making several wording changes around data collection and analytics. The policy now states that activity information is saved 'by your activity controls' rather than 'in your account,' and references 'ad and analytics services' more generically instead of specifically naming Google Analytics. The policy clarifies that third-party sites and apps 'still share' (not 'may still share') information with Google even when using private browsing modes, making data collection practices more explicit. Minor updates were also made to health data processing language under Washington and Nevada state laws.

Google agreed to pay $68 million to settle a class action lawsuit alleging Google Assistant recorded users without intentional activation and shared those recordings with third parties, violating privacy rights. The settlement covers people who purchased Google devices like Home, Nest Hub, or Pixel phones, or had their communications recorded by Google Assistant between May 2016 and March 2025. Eligible class members can file claims for cash payments once the settlement receives final court a...

Jeffrey Epstein's victims sue Trump and Google over personal data leak

Jury rules against Meta and YouTube in social media addiction case

Google moves post-quantum encryption timeline up to 2029

Legal action reported by Ars Technica: Lawsuit: Google Gemini sent man on violent missions, set suicide "countdown"

A federal jury in San Francisco ordered Google to pay $425 million in a class- action lawsuit covering approximately 98 million users whose data was collected despite having disabled the Web & App Activity tracking setting in their Google accounts. The jury found Google continued accessing users' mobile devices to collect and save data over an eight-year period.

France's CNIL fined Google a record €325 million (€200M against Google LLC, €125M against Google Ireland) for inserting advertisements disguised as emails into Gmail inboxes without valid consent, and for placing advertising cookies when users created Google accounts without proper consent. The case originated from a complaint by privacy group NOYB.

Texas Attorney General Ken Paxton announced a historic $1.375 billion settlement with Google over violations of Texans' privacy rights, including unauthorized collection of biometric data (facial geometry, voiceprints), deceptive location tracking, and misleading Incognito mode disclosures. This was the largest state privacy settlement ever obtained against Google.

Google reversed its longstanding plan to deprecate third-party cookies in Chrome, abandoning a commitment first made in 2020. Instead, Google said it would offer users a choice prompt about cookie tracking. The reversal came after pressure from the UK's CMA over antitrust concerns and repeated delays to the original timeline.

Google settled the Chrome Incognito mode class-action lawsuit, agreeing to delete billions of browsing data records collected from users who believed they were browsing privately. Google also committed to blocking third-party cookies by default in Incognito mode for five years and rewriting its privacy disclosures. The settlement was valued at approximately $4.75 billion.

France's competition authority fined Google €250 million for using French news publishers' content to train its Bard/Gemini AI chatbot without notification or consent, and for failing to negotiate content licensing fees in good faith. This was the first major fine globally targeting a company's use of news content for AI training.

Google made Consent Mode v2 mandatory for all websites serving ads to or tracking EU/EEA users. Without implementation, Google Ads and GA4 would stop capturing data about new EEA users. The update introduced granular consent parameters for ad personalization and user data, aligning with GDPR requirements.

Alphabet agreed to pay $350 million to settle a shareholder lawsuit over the Google+ data breach. A software bug between 2015 and 2018 exposed personal data of approximately 500,000 Google+ users, and the lawsuit alleged Google concealed the breach for months while publicly touting its data security.

Google announced general availability of the Privacy Sandbox APIs in Chrome, including Topics, Protected Audience (formerly FLEDGE), and Attribution Reporting. This marked the major milestone of shipping the cookie-replacement technologies after three years of development and regulatory scrutiny.

Eight plaintiffs filed a class-action lawsuit against Google, Alphabet, and DeepMind in federal court, alleging Google scraped massive amounts of web data including copyrighted material and personal information to train Bard and other AI products, violating privacy, anti-hacking, and intellectual property laws.

Google updated its privacy policy to explicitly state it may use publicly available information from the internet to train its AI models including Bard, Translate, and Cloud AI. The change broadened the prior language from training 'language models' to training 'AI models,' sparking concern from privacy advocates and a class-action lawsuit filed on July 11.

Google announced a new policy to delete accounts inactive for two or more years, starting December 1, 2023. Inactive accounts and their data, including Gmail, Drive, Photos, and YouTube content, would be permanently deleted. Google cited security risks, as inactive accounts are more likely to be compromised.

Google agreed to a $391.5 million settlement with 40 U.S. state attorneys general over deceptive location tracking practices. The investigation found Google misled users about the scope of its Location History and Web & App Activity settings, continuing to collect location data even when users believed tracking was disabled.

Spain's AEPD fined Google €10 million for two violations: unlawfully sharing users' right-to-be-forgotten requests (including personal data) with the Lumen Project at Harvard, and obstructing citizens' right to erasure under GDPR Article 17 by making the removal process unnecessarily complex.

Google officially killed FLoC and announced the Topics API as its replacement within the Privacy Sandbox. Topics API assigns users interest categories based on browsing history and shares a limited subset with advertisers, aiming to address the fingerprinting and discrimination concerns raised against FLoC.

France's CNIL fined Google a total of €150 million (€90M for Google LLC, €60M for Google Ireland) for making it difficult for users to refuse cookies on google.fr and youtube.com. Accepting cookies required one click, while refusing them required five clicks, violating French data protection law.

Google began testing Federated Learning of Cohorts (FLoC) in Chrome 89 as its proposed replacement for third-party cookies. FLoC grouped users into behavioral cohorts for ad targeting. Privacy advocates, the EFF, and competing browsers like Brave and Vivaldi rejected FLoC, calling it a new privacy risk that enabled fingerprinting and discrimination.

Google and YouTube agreed to pay a record $170 million to settle FTC and New York Attorney General allegations that YouTube illegally collected personal information from children under 13 without parental consent, violating COPPA. YouTube was required to implement a system for channel owners to identify child-directed content.