Pierluigi Paganini
April 02, 2024
Google has agreed to delete billions of data records related to users’ browsing activities in ‘Incognito Mode’ to settle a class action lawsuit. The class action, filed in 2020 by law firm Boies Schiller Flexner, accuses the company of collecting user browsing data without their knowledge or explicit consent. The class action alleges that the IT giant deceived users, leading them to believe their online activities would not be tracked in incognito mode.
“Google has anticipated that consumers are understandably concerned that Google is tracking their personal information and browsing history. To assuage them, Google promises consumers that they can “browse the web privately” and stay in “control of what information [users] share with Google.” To prevent information from being shared with Google, Google recommends that its consumers need only launch a browser such as Google Chrome, Safari, Microsoft Edge, or Firefox in “private browsing mode.” Both statements are untrue.” reads a class action. “When users undertake either—or both—of the aforementioned steps, Google continues to track, collect, and identify their browsing data in real time, in contravention of federal and state laws on wiretapping and in violation of consumers’ rights to privacy”
In December 2023, Google agreed to settle a $5 billion privacy lawsuit over claims that the company monitored online activity of people who used the ‘incognito’ mode in its Chrome web browser.
According to the lawsuit, the company utilized its advertising technologies and other methods to collect details of users’ site visits and activities, even when individuals were using “private” browsing mode.
The IT giant is accused of having collected an unaccountable trove of information.
“We are pleased to settle this lawsuit, which we always believed was meritless,” Jose Castaneda, Google spokesperson, said in a statement. “We never associate data with users when they use incognito mode. We are happy to delete old technical data that was never associated with an individual and was never used for any form of personalization.”
Although the plaintiffs requested $5 billion in damages, the settlement does not involve any payment from Google. Individuals will have the opportunity to seek damages by submitting their own complaints against the company in state courts across the United States, as outlined in court documents.
“We never associate data with users when they use Incognito mode,” Google spokesperson José Castañeda said. “We are happy to delete old technical data that was never associated with an individual and was never used for any form of personalization.”
The company must also adjust the default settings for Incognito Mode to prevent the browser from gathering third-party cookies, this configuration must be maintained for the next five years.
The Court also ordered Google to delete any information that can allow to make private browsing data identifiable. The company must redact data such as IP addresses and generalize User-Agent strings.
The IT giant will also delete X-Client-Data header field, which is a sort of “tracking ID” used by Chrome. Privacy advocates speculate that the company used it to track users, but the company has always denied allegation.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, privacy)
