A class action lawsuit filed against Google on October 25th in the Northern District of California may have the Googlers feeling like it is perhaps true that no good deed goes unpunished. The suit, Gaos v. Google, alleges that Google violated the Stored Communications Act as well as several California state consumer protection laws by revealing the content of search queries to third parties. To support the proposition that search queries contain sensitive, private and often personally identifiable information, the complaint draws significantly from Google’s own legal filings in its 2006 opposition to a Department of Justice subpoena for search query information issued in the Child Online Protection Act litigation. At the time, Google positioned itself as a champion of user privacy by contesting the subpoena and raising concerns that the search queries are content protected by the Stored Communications Act. Today, Google is being sued for improperly releasing this “content” to third parties and for committing fraud and engaging in unfair business practices by offering users assurances about Google’s commitment to privacy while at the same sharing their search query information with third parties.
The plaintiff’s focus their case primarily on Google’s sharing search queries as part of referral URLs passed to websites visited from Google’s search results. While this has typically been the way the Internet has worked, the complaint details Google’s experimentation with other methods for passing the referral URL which did not contain the search query which caused complaints from search optimization companies and websites. In each instance, Google reinstated passing the search queries in response to the complaints and explained the matter on a corporate blog.
The complaint’s statement of the violations of the Stored Communications Act simply alleges that search queries are content and that Google violated Section 2702(a) and (b) of the SCA by disclosing search queries in electronic storage with an Electronic Communications Service and from storage with a Remote Computing Service. Given widespread use of referral URLs containing search strings within industry, it will be interesting to see if these claims gain any traction.
More likely, the case may simply be a caution for companies that statements about important consumer protection issues such as privacy and security will receive close scrutiny from both regulators and plaintiffs attorneys.