By: April Garbuz 

Living in the Information Age, we exist during a period in human history that is characterized by the shift from industrial production to one based on information and computerization. Many of us find ourselves wondering: is there such a thing as too much information? People are becoming wary of where this information is going and to what ends the private data is used.

Last year, Google was sued in a $5 billion class-action suit accusing the internet search engine of illegally invading the privacy of millions of users by tracking their internet use through browsers set in “Incognito” mode.  The suit alleges that, even when users turn off data collection in Chrome, other Google tools used by websites end up amassing their personal information. This means that when a user visits a website in Incognito private browsing mode, their data can still be collected by Google Analytics.

Google collects browsing history and other web activity data even after users employ safeguards to protect their data. According to the complaint, the company carries on a “pervasive data tracking business.” The users who filed the suit say they were under the impression Incognito mode offered all-encompassing privacy from data trackers. Though Google has been pressing to have the lawsuit dismissed ever since it was filed, in March of 2021, a federal judge denied the request to throw out the case. The court concluded that Google did not notify users that the search engine engages in data collection while the user is in private browsing mode.

Google argues that the plaintiffs consented to its privacy policy, which the company alleges explicitly discloses its data collection practices. When users activate Incognito mode in the Chrome browser, they receive a notification message that begins with the statement, “Now you can browse privately…” and then goes on to clarify a user’s browsing activity is private from other people who use the same device. Evidently, Incognito mode is confusing to users. Studies have shown that some users believe using Incognito mode exempts users from personalized search results. In actuality, Incognito mode prevents data from being stored locally and hides a user’s browsing activity from other people who may use the same device. This confusion begs the question:  what really constitutes data collection consent in the Information Age?

The reality is that the practice of reading privacy policies does not necessarily guarantee truly informed consent. Among adults who say they read privacy policies before agreeing to their terms and conditions, only 22% say they read them all the way through before agreeing to their terms and conditions. According to a survey of U.S. adults by Pew Research Center, most Americans feel they have little or no control over how companies or the government use their personal information. Consumers know that businesses are selling their data, but they don’t know what they can do to take back control.

The explosion in the volume and variety of private data collection has led to consumer concerns around security and privacy that must be addressed. Surveys show that 4 in 5 Americans think there should be a law in place to protect personal data and 83% expect to have control over how businesses use their data. Legislation requiring data use disclosure may be the best method to offer users this kind of data autonomy. This concern has been addressed on the state level by California, in enacting the California Consumer Privacy Act (“CCPA”) in 2019.

The CCPA gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including the right to know about the personal information a business collects about them and how it is used and shared, the right to delete personal information collected from them, the right to opt-out of the sale of their personal information, and the right to non-discrimination for exercising their CCPA rights. The CCPA also requires businesses to state their purposes for processing data and provide a method for consumers to opt-out of their data being sold. Because only California residents have rights under the CCPA, many Americans are left vulnerable to security and privacy threats. As a result, the federal government should look to this Act as a model for nationwide data privacy protection to ensure that not only Californians are protected from pervasive data tracking advanced by businesses.

Student Bio: April Garbuz is a second-year law student at Suffolk University Law School pursuing a concentration in Intellectual Property. She is also a Staff Member of the Journal of High Technology Law and holds a B.S. in Physiology and Neurobiology from the University of Connecticut.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.