A federal judge in California this week declined to approve a proposed Google settlement in a class-action lawsuit involving claims the company violated California privacy statutes with its Gmail scanning activities.
In a six-page order, U.S. District Judge Lucy Koh described the language in Google’s settlement as confusing and not properly disclosing how Google intercepts, scans and analyzes email content to create targeted ads for Gmail users.
The court faulted Google for not properly disclosing what technical changes it would make to address the concerns that led to the lawsuit.
The settlement as proposed would release Google from all of the lawsuit’s claims and provide for no monetary relief for plaintiffs while setting aside $2.2 million in attorney fees. “In sum, based on the parties’ current filings, the Court cannot conclude that the settlement is ‘fundamentally fair, adequate, and reasonable,'” Koh wrote.
Google’s proposed settlement pertains to a lawsuit over the company’s practice of scanning the contents of emails from non-Gmail users to deliver more personalized ads to Gmail users—without disclosing this fact in its privacy notices. It is currently not clear whether Google also scans outgoing emails to non-Gmail addresses for the same purpose.
The plaintiffs in the case have argued that this practice violates California’s Invasion of Privacy Act and the federal Electronic Communications Privacy Act.
Google’s proposal to settle the dispute includes an injunction that would bring it into compliance with both statutes and fuller, more complete disclosure of its email scanning practices for non-Gmail emails.
Koh faulted Google’s proposed settlement on both counts. It does not spell out the technical changes that Google will make to ensure compliance with the statutes and the disclosure notice itself is difficult to understand, she said.
At a preliminary settlement hearing, Google had agreed to submit to an injunction that would prevent it from scanning email solely for targeted advertising purposes but not for the dual purpose of spam and malware detection as well. The injunction basically allows Google to use metadata collected during the spam and malware detection process for advertising purposes.
But the language in the proposed settlement does not make that fact clear at all, Koh said. Similarly, the notice does not make clear that Google intercepts and scans all emails sent by non-Gmail users to Gmail users.
In addition, it is unclear without further legal analysis whether the mere act of scanning email with a dual purpose would bring Google into compliance with the relevant statutes. “Plaintiffs’ motion for preliminary approval provides no authority as to whether or why the injunction’s ‘dual purpose’ interception, scanning, and analysis of in transit emails brings Google into compliance with the Wiretap Act or CIPA,” the court said.
Koh also rejected Google’s argument that its proposed settlement is no different from one by Yahoo that was approved by the court in a similar dispute. In that case, the settlement was proposed after years of litigation and after the court and all litigants had heard a whole body of arguments from both sides.
In contrast, Google’s settlement offer comes after just one motion to dismiss the lawsuit and a motion to stay. Neither side has taken any depositions, and the only documents that Google has provided to make its case are from prior litigation going back several years.
Google declined to comment.