A class-action style litigation is being brought against Google in the Netherlands by two not-for-profit organizations, accusing the tech giant of breaching European privacy laws. The Foundation for the Protection of Privacy Interests (FPPI) and the Dutch Consumers’ Association are demanding that Google stops tracking and profiling consumers, and are seeking compensation for what they call “large-scale privacy violations” of the European Union’s data protection regime.
Key Takeaway
Google is facing a class-action style privacy damages suit in the Netherlands, brought by two not-for-profit organizations. They accuse Google of violating European privacy laws by collecting and sharing users’ data without sufficient information or consent. The suit seeks compensation and structural changes to protect user privacy. This litigation follows ongoing investigations into Google’s compliance with GDPR by Ireland’s Data Protection Commission. Google is also transitioning to a new ad targeting system called “Privacy Sandbox.”
The Allegations Against Google
The claimants argue that Google acts in violation of Dutch and European privacy legislation by collecting users’ online behavior and location data without sufficient information or permission. They also claim that Google shares this data, including sensitive personal information, with hundreds of parties through its online advertising platform. The plaintiffs cite research indicating that European residents’ internet activity and locations are exposed to online ad auctions nearly 380 times a day, on average.
The plaintiffs are demanding that Google not only pays damages but also implements structural changes to ensure the protection of users’ privacy. They argue that Google turns users into a product and generates billions in advertising sales each year.
No Win, No Fee Suit and Eligibility
The lawsuit is open for sign-ups and follows a “no win, no fee” structure. Consumers who have used Google products or services in the Netherlands since March 1, 2012, are eligible to join the class-action suit. The Netherlands amended its class action regime early to comply with a new EU directive, allowing qualified entities like consumer rights groups to file collective actions on behalf of a class of consumers.
Implications of EU Rulings and Investigations
A ruling by the Court of Justice of the EU earlier this year confirmed that non-material harm does not require a threshold of seriousness to claim compensation for privacy damages. This means that claims can be made for emotional distress resulting from violations of the General Data Protection Regulation (GDPR) or other privacy laws.
Google has been under investigation by Ireland’s Data Protection Commission, its lead GDPR regulator, for several years over complaints of privacy rule breaches. However, no decisions have been handed down, prompting consumer rights groups to turn to litigation as an alternative. Google’s adtech and location tracking have been subject to complaints, and the company has been accused of deceptive design.
The Google claim in the Netherlands is being funded by the law firm, Lieff Cabraser Heimann & Bernstein. Research conducted by the Irish Council for Civil Liberties has previously exposed the extensive data sharing involved in Google’s real-time-bidding adtech. Despite the investigations, Google has been pivoting to an alternative ad targeting system called “Privacy Sandbox,” which relies on surveillance technology embedded in its Chrome browser. It remains to be seen how much of a privacy advance this represents.