Are you a Google Chrome user? Have you browsed the internet using incognito mode or Google’s private browsing setting? Does the screenshot below look familiar to you? If so, you may be in line to receive a $5,000 payout in the future.

(Google’s incognito disclosure as of August 11, 2020)

On June 5, 2020, a class action lawsuit was filed in California against Google and its parent, Alphabet, seeking at least $5 billion, which if successful, means $5,000 for each class member who has used Google’s incognito mode since June 1, 2016.

Google’s Private Browsing Mode or Incognito Mode

The lawsuit alleges that Google’s private browsing mode or incognito mode as it is called, is in actuality, not private at all.  According to the complaint, Google claims that its users can control what information they share with Google and can browse sites in privacy by launching their browser in “private browsing mode.” Google’s Privacy Policy and its support pages make multiple statements to that effect:

  • “You’re in control of what information you share with Google when you search.”
  • “You can use our services in a variety of ways to manage your privacy . . . across our services, you can adjust our privacy settings to control what we collect and how your information is used.”
  • “Your search and ad results may be customized using search-related activity even if you’re signed out. To turn off this kind of search customization, you can search and browse privately.”
  • “To browse the web privately, you can use private browsing, sign out of your account, change your custom results settings, or delete past activity.”

How is Google Collecting User Data?

Despite the statements listed above, the complaint alleges that no matter what setting the user chooses, Google continues to collect the user’s personal information by using the following five methods: 1) Google Analytics, 2) Google Ad Manager, 3) Google Sign-In button, 4) third party digital pixels, and 5) Google’s android operating system and many of its apps. Apparently over 70% of websites use at least one of these services, which then enables Google to collect user data.

1. Google Analytics

Websites can get Google Analytics for free but then must pay if they want more specific information about their visitors. It is implemented by embedding Google’s code into the webpage code so that both sets of codes run when someone visits the page. Google’s code has the browser send the user’s personal information (such as their IP address, what the user is viewing, what they last viewed, and details about their hardware) to Google’s servers. Notably, the websites do not have to disclose to the users that they are using Google Analytics nor is there any way for the users to figure out which sites are using Google Analytics.

2. Google Ad Manager

Google Ad Manager is also prevalently used by sites; it, too, is implemented by embedding Google’s code into the website’s code so that both of them run whenever a user loads the website. The Google code selects the Google ads to display on the website but it also collects the user’s personal information and tracks visitors and traffic in a manner similar to Google Analytics. Both of these products operate even if the user selects the private browsing mode.

3. Google Sign In Button

Google also has a Sign In button that websites encode into their pages and this button functions and collects personal information in much the same way as Google Analytics and Google Ad Manager. Again, it functions even if the user is in private browsing mode.

4. Third Party Digital Pixels

Google allows third parties to put digital pixels into the websites’ code which allows Google and its data broker partners to track consumers across the web even when they are in private browsing mode.

5. Google’s Android Operating System and Mobile Apps

Google’s Android operating system and many of its mobile apps are constantly sending system and location data to the Google servers. It is believed that this constant transfer of data continues even when the user is in private browsing mode.

How is Google Using This Data?

Plaintiffs believe that Google uses the data for the following purposes: for its third party advertising business, to improve its existing products, and to create new ones. Google has access to a vast amount of data given that Google and its parent, Alphabet, have over 1.5 billion active users. As the complaint describes it: “[i]ndeed, notwithstanding consumers’ best efforts, Google has made itself an unaccountable trove of information so detailed and expansive that George Orwell could never have dreamed of it.”

It is unsurprising that these alleged surreptitious practices to collect valuable data are exceedingly profitable as is evinced by that fact that Alphabet has a net worth of more than $950 billion. Significantly, the complaint points out that almost all of Google’s revenue in the past five years is from third party advertising.

The Claims

The plaintiffs allege state claims as well as a federal claim for violating the Federal Wiretap Act. In general, plaintiffs state that the private browsing mode implies a non-existent privacy and that users cannot and did not give consent for their communications to be intercepted and their information to be taken since they did not know what Google was doing in the background.

Google’s Response

Google disputes the claims and has stated that it will vigorously defend itself. Google has also explained that incognito mode merely allows the user to browse without that information being saved to the user’s browser or device. Furthermore, every time a user opens a new Incognito tab, Google states that websites might collect user information. More specifically, the incognito support pages declare that even in incognito mode, the user’s activity MIGHT be visible: to websites, to whoever runs the network being used, to the internet service provider and to search engines.

A $5,000 Payout for Millions of Incognito Users?

However, to say that such information MIGHT be visible is disingenuous if Google is using the methods described above to knowingly collect personal information every single time incognito mode is launched.

Unfortunately, Google is no stranger to these types of charges; Google was fined $57 million USD for violating the GDPR by not obtaining consent from users and for its lack of transparency. In fact, France’s top court just recently dismissed Google’s appeal against the fine.

If history is any indicator of what is to come, then millions of incognito users may be receiving a large payout in the future. The case has only just been filed, but DDP will keep you posted!