Google Consents To Purge Web Browsing Data

Google settled a class action lawsuit alleging that the search engine giant tracked users without their knowledge or consent using its Chrome browser by agreeing to delete billions of data records showing users’ browsing activity.

TakeAway Points:

  • Google has agreed to purge billions of data records reflecting users’ browsing activities to settle a class action lawsuit.
  • The class action lawsuit was filed in 2020 and claimed the corporation had deceived customers by monitoring their online activities when they believed they were still private while using “private” mode on web browsers like Chrome.
  • The IT giant has also declared that, by the end of the year, tracking cookies will no longer be enabled by default.

Class Action File 

The class action, filed in 2020, alleged the company misled users by tracking their internet browsing activity who thought that it remained private when using the “incognito” or “private” mode on web browsers like Chrome.

In late December 2023, it emerged that the company had consented to settle the lawsuit. The deal is currently pending approval by U.S. District Judge Yvonne Gonzalez Rogers.

“The settlement provides broad relief regardless of any challenges presented by Google’s limited record keeping,” a court filing on April 1, 2024, said.

“Much of the private browsing data in these logs will be deleted in their entirety, including billions of event level data records that reflect class members’ private browsing activities.”

Data Remediation Process

As part of the data remediation process, Google is also required to delete information that makes private browsing data identifiable by redacting data points like IP addresses, generalizing User-Agent strings, and removing detailed URLs within a specific website (i.e., retaining only domain-level portion of the URL).

In addition, it has been asked to delete the so-called X-Client-Data header field, which Google described as a Chrome-Variations header that captures the “state of the installation of Chrome itself, including active variations, as well as server-side experiments that may affect the installation.”

This header is generated from a randomized seed value, making it potentially unique enough to identify specific Chrome users.

Other settlement terms require Google to block third-party cookies within Chrome’s Incognito Mode for five years, a setting the company has already implemented for all users. The tech company has separately announced plans to eliminate tracking cookies by default by the end of the year.

“We are pleased to settle this lawsuit, which we always believed was meritless. We never associate data with users when they use incognito mode. We are happy to delete old technical data that was never associated with an individual and was never used for any form of personalisation,” a Google spokesperson said.

The plaintiffs’ lawyers, led by attorney David Boies, called the settlement “groundbreaking” and a “historic step” in requiring big tech companies to be transparent to users about how they collect and use their data. Google’s agreement to retroactively delete user information, is a significant concession, as it forms the backbone of the company’s lucrative advertising business, which depends on the quality of its search engine. It also comes as Google is in the throes of multiple regulatory challenges in the US and abroad, amid rising concerns about how the tech giants use the vast amounts of data they collect from users.

Incognito Mode Update

Google has since updated the wording of Incognito Mode in January 2024 to clarify that the setting will not change “how data is collected by websites you visit and the services they use, including Google.”

The lawsuit extracted admissions from Google employees that characterized the browser’s Incognito browsing mode as a “confusing mess,” “effectively a lie,” and a “problem of professional ethics and basic honesty.”

It further laid bare internal exchanges in which executives argued Incognito Mode shouldn’t be called “private” because it risked “exacerbating known misconceptions.”

The development comes as Google said it has started automatically blocking bulk senders in Gmail that don’t meet its email sender guidelines in an attempt to cut down on spam and phishing attacks.

The new requirements make it mandatory for email senders who push out more than 5,000 messages per day to Gmail accounts to provide a one-click unsubscribe option and respond to unsubscription requests within two days.