Google’s adtech – Google is facing class-action lawsuits in the Netherlands that accuse the adtech giant of violating European privacy laws. It is requesting that Google stop tracking and profiling consumers, as well as compensation for what it calls “large-scale privacy violations” of the European Union’s data protection legislation.
The representative action is being launched by two non-profit organizations: the Foundation for the Protection of Privacy Interests (FPPI) and the Dutch Consumers’ Association (aka Consumentenbond).
Per the pair, almost 82,000 people have signed up to join the claim since it was announced back in May.
“Google acts in violation of Dutch and European privacy legislation,” the Google claim plaintiffs argue on their website [translated from Dutch with AI]. “The tech giant collects users’ online behavior and location data on an immense scale through its services and products. Without providing enough information or having obtained permission.
“Google then shares that data, including highly sensitive personal data about health, ethnicity, and political preference, for example, with hundreds of parties via its online advertising platform. Irish research shows that residents’ internet activity and locations in Europe are exposed to online ad auctions on average almost 380 times a day.”
“Google must stop violating your privacy and pay damages. We also demand that Google implement structural changes so that it no longer violates your privacy. Google turns you into a product and collects billions in advertising sales every year,” they add.
The ‘no-win, no-fee suit is now taking sign-ups; registration is available through the claim website. Consumers who utilized Google products or services after March 1, 2012, and resided in the Netherlands are eligible to participate in the mass action.
The Northern European country was among the first to modify its class action regime in order to comply with a new EU directive on representative actions, which permits qualified organizations, such as consumer rights groups, to file collective actions on behalf of a class of consumers. Since June 25, new claims must follow the new procedural standards.
In addition, the EU Court of Justice confirmed in May that there is no threshold of seriousness for non-material injury in order to claim compensation for privacy damages. As a result, claims for emotional distress resulting from a violation of the EU’s General Data Protection Regulation (GDPR) or other privacy rules can be brought.
Ada van der Veer, chairman of the FPPI, added in a response to the Google claim:
Google is constantly monitoring everyone. Even when using third-party cookies — which are invisible — Google continues to collect data through other people’s websites and apps, even when someone is not using its products or services. This enables Google to monitor almost the entire internet behavior of its users. In addition, Google continuously collects the physical locations of users, even when they are not actively using their devices and think they are ‘offline’.
Google was asked for comment on the lawsuit but has not answered as of press time.
Following concerns that its technologies violate EU privacy standards, Ireland’s Data Protection Commission has been investigating a number of parts of the internet giant’s operations for several years. However, no decisions have been made — including on a major complaint against Google’s adtech, another against Google’s location tracking, and several charging Google with deceptive design — giving consumer rights groups even more reason to resort to litigation as long as funders are willing to take cases on a ‘no win, no fee basis.
Lieff Cabraser Heimann & Bernstein, a litigation-focused law firm, is funding the Google claim in this case.
The Irish Council for Civil Liberties previously exposed details of the massive amount of data sharing involved in the high-velocity online auctions Google monetizes by matching profiled customers with microtargeted advertising in its research on Google’s real-time-bidding adtech. Despite the fact that the internet giant’s principal GDPR regulator, the Irish DPC, has been examining its adtech since 2019, no decision has been given, and the regulator itself was sued last year for inaction on the adtech complaint.
Meanwhile, Google has been hard at work on a pivot to an alternative form of ad targeting that aims to shift away from third-party cookies for tracking individual web users’ activity and toward embedding surveillance technology into its Chrome browser that monitors the websites consumers visit in order to assign interest categories that advertisers can use to select which ads they see.
This rebooted ad targeting mechanism is dubbed “Privacy Sandbox” by Google. However, web users’ activity is still being tracked in order to decide ad topics for marketing purposes, so it’s unclear how much of a privacy advance it represents. Despite the fact that its execution of the transfer is being closely reviewed by UK regulators, Google is actively pushing the Privacy Sandbox system onto Chrome users, compelling them to take active actions to opt out rather than an affirmative opt-in.
The Consumer Association, which is behind the Google claim, previously filed a successful privacy lawsuit against Facebook owner Meta, which was also funded by Lieff Cabraser Heimann & Bernstein, obtaining a declaration of rights earlier this year in which the court found the tech giant lacked a legal basis to process local users’ data for ad targeting.