Third Circuit Holds that Google May Have Violated California Privacy Law

POSTED NOVEMBER 16, 2015

A special to USLAW NETWORK and USLAW DigiKnow

By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey

On November 10, 2015, the Third Circuit of Court Appeals held that Google may have violated California privacy law by tricking users’ computers into allowing blocked code to be installed by Google ad software. Eleven months after hearing oral argument, the Third Circuit remanded the case back to Delaware Federal Court, which had dismissed all claims against Google in the 5-year-old class action.

While the Third Circuit affirmed most of the lower court ruling, including that the software did not violate the Federal Wiretap Act, the Court found that Google might not withstand scrutiny under California’s privacy law. “What is notable about this case is how Google accomplished its tracking,” the Court wrote, “[a]llegedly, this was by overriding the plaintiffs’ cookie blockers, while concurrently announcing in its Privacy Policy that Internet users could ‘reset your browser to refuse all cookies.’ Google further assured Safari users specifically that their cookie blockers meant that using Google’s in-house prophylactic would be extraneous. Characterized by deceit and disregard, the alleged conduct raises different issues than tracking or disclosure alone.”

In 2012, a Stanford graduate student revealed that Google had tricked computer browsers into allowing exceptions for installing cookies, small pieces of text that track users’ location. Specifically, Apple’s Internet browser Safari allowed users to opt out of cookie installation unless a certain form was filed by the computer. Websites with Google’s ubiquitous ad software automatically filed the Safari form, triggering the exception and allowing cookies to be installed. Thereafter, four computer users commenced a class action lawsuit alleging that Google bypassed their cookie blockers, helping advertisers target potential customers. Google also settled civil claims by the U.S. Federal Trade Commission, 37 states, and Washington, DC totaling $39.5 million that it tracked Safari users’ Internet use without their knowledge, although Google did not admit any wrong doing in connection with any of the settlement.

In affirming the District Court’s dismissal of Wiretap Act claims, the Third Circuit held that while Google did not constitute an illegal third party, the URL being tracked by the cookie could itself constitute content, at the least fulfilling partial criteria for the law’s violation. The Third Circuit also affirmed the District Court’s ruling that Google did not violate any other state laws or the Federal Computer Fraud and Abuse Act. Nevertheless, the Court vacated the dismissal of “freestanding privacy claims against Google under the California Constitution and California tort law.”

Designed & Developed by Peak Seven